From b2e99e1819d967828edf149db5a203e59a40e379 Mon Sep 17 00:00:00 2001
From: Eryu Guan <guaneryu@gmail.com>
Date: Fri, 10 Jan 2014 22:50:02 +0800
Subject: Btrfs-progs: check return value of read_tree_block() in
 check_chunks_and_extents()

The following steps could trigger btrfs segfault:

mkfs -t btrfs -m raid5 -d raid5 /dev/loop{0..3}
losetup -d /dev/loop2
btrfs check /dev/loop0

The reason is that read_tree_block() returns NULL and
add_root_to_pending() dereferences it without checking it first.

Also replace a BUG_ON with proper error checking.

Signed-off-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Chris Mason <clm@fb.com>
---
 disk-io.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'disk-io.c')

diff --git a/disk-io.c b/disk-io.c
index 7eda2e12..8009b947 100644
--- a/disk-io.c
+++ b/disk-io.c
@@ -644,7 +644,10 @@ out:
 	blocksize = btrfs_level_size(root, btrfs_root_level(&root->root_item));
 	root->node = read_tree_block(root, btrfs_root_bytenr(&root->root_item),
 				     blocksize, generation);
-	BUG_ON(!root->node);
+	if (!root->node) {
+		free(root);
+		return ERR_PTR(-EIO);
+	}
 insert:
 	root->ref_cows = 1;
 	return root;
-- 
cgit v1.2.3