    Btrfs: don't access non-existent key when csum tree is empty · 35045bf2
    Filipe Manana authored
    When the csum tree is empty, our leaf (path->nodes[0]) has a number
    of items equal to 0 and since btrfs_header_nritems() returns an
    unsigned integer (and so is our local nritems variable) the following
    comparison always evaluates to false:
    
         if (path->slots[0] >= nritems - 1) {
    
    As the casting rules lead to:
    
         if ((u32)0 >= (u32)4294967295) {
    
    This makes us access key at slot path->slots[0] + 1 (1) of the empty leaf
    some lines below:
    
         btrfs_item_key_to_cpu(path->nodes[0], &found_key, slot);
         if (found_key.objectid != BTRFS_EXTENT_CSUM_OBJECTID ||
             found_key.type != BTRFS_EXTENT_CSUM_KEY) {
                 found_next = 1;
                 goto insert;
         }
    
    So just don't access such non-existent slot and don't set found_next to 1
    when the tree is empty. It's very unlikely we'll get a random key with the
    objectid and type values above, which is where we could go into trouble.
    
    If nritems is 0, just set found_next to 1 anyway as it will make us insert
    a csum item covering our whole extent (or the whole leaf) when the tree is
    empty.
    Signed-off-by: Filipe David Borba Manana <fdmanana@gmail.com>
    Signed-off-by: Chris Mason <clm@fb.com>
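As an added illustration (this is not the kernel's code and not the patch itself), the C program below reproduces the unsigned wrap-around the commit message describes on a toy leaf and contrasts the original `slot >= nritems - 1` check with one that short-circuits on `nritems == 0`, which is what the message says the fix does. The `toy_leaf` layout, `compute_found_next()`, `make_empty_leaf_with_stale_csum_key()` and the constant values for `BTRFS_EXTENT_CSUM_OBJECTID` / `BTRFS_EXTENT_CSUM_KEY` are assumptions made for the demonstration; only key equality matters here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t u32;
typedef uint64_t u64;
typedef uint8_t u8;

/* Assumed values for this toy; only equality against them matters. */
#define BTRFS_EXTENT_CSUM_OBJECTID ((u64)-10)
#define BTRFS_EXTENT_CSUM_KEY 128

struct btrfs_key {
	u64 objectid;
	u8 type;
	u64 offset;
};

#define LEAF_CAPACITY 8

/* Toy leaf: items[] has LEAF_CAPACITY entries of storage, but only the
 * first nritems hold valid keys. Anything beyond that is stale data. */
struct toy_leaf {
	u32 nritems;
	struct btrfs_key items[LEAF_CAPACITY];
};

/* The pre-fix check. nritems is unsigned, so 0 - 1 wraps to UINT32_MAX
 * and the comparison is false for an empty leaf. */
bool past_last_item_buggy(u32 slot0, u32 nritems)
{
	return slot0 >= nritems - 1;
}

/* Check that treats the empty leaf the way the message describes: with
 * nritems == 0 there is no next key, so report "past the end" before the
 * unsigned subtraction can wrap. (Illustration, not the committed diff.) */
bool past_last_item_fixed(u32 slot0, u32 nritems)
{
	return nritems == 0 || slot0 >= nritems - 1;
}

/* Decide found_next the way the quoted snippet does, using one of the two
 * checks above. Returns 1 when found_next would be set, 0 when the key at
 * slot0 + 1 looked like a csum item. *read_slot reports the slot read, or
 * -1 if none. (The real function moves on to the next leaf when past the
 * end; here "past the end" simply means "no next key in this leaf".) */
int compute_found_next(const struct toy_leaf *leaf, u32 slot0,
		       bool (*past_last)(u32, u32), int *read_slot)
{
	if (past_last(slot0, leaf->nritems)) {
		*read_slot = -1;
		return 1;	/* nothing to extend: insert a fresh csum item */
	}
	u32 slot = slot0 + 1;	/* only in range if past_last() was right */
	*read_slot = (int)slot;
	const struct btrfs_key *k = &leaf->items[slot];
	if (k->objectid != BTRFS_EXTENT_CSUM_OBJECTID ||
	    k->type != BTRFS_EXTENT_CSUM_KEY)
		return 1;
	return 0;	/* stale key mistaken for a real next csum item */
}

/* Constructed input: an empty leaf (nritems == 0) whose slot 1 still holds
 * a stale csum key, i.e. the "random key with the objectid and type values
 * above" case the message calls trouble. */
struct toy_leaf make_empty_leaf_with_stale_csum_key(void)
{
	struct toy_leaf leaf;
	memset(&leaf, 0, sizeof(leaf));
	leaf.nritems = 0;
	leaf.items[1].objectid = BTRFS_EXTENT_CSUM_OBJECTID;
	leaf.items[1].type = BTRFS_EXTENT_CSUM_KEY;
	leaf.items[1].offset = 0x100000;
	return leaf;
}

int main(void)
{
	struct toy_leaf leaf = make_empty_leaf_with_stale_csum_key();
	int fn, slot;

	printf("(u32)0 - 1 == %u\n", (u32)0 - 1);
	fn = compute_found_next(&leaf, 0, past_last_item_buggy, &slot);
	printf("buggy: found_next=%d, read slot %d\n", fn, slot);
	fn = compute_found_next(&leaf, 0, past_last_item_fixed, &slot);
	printf("fixed: found_next=%d, read slot %d\n", fn, slot);
	return 0;
}
```

On the empty leaf the buggy check reads slot 1, finds the stale csum key and leaves found_next at 0, so the caller would go on as if a real next csum item existed; the fixed check never touches the leaf and sets found_next, which inserts a fresh item. On a non-empty leaf both checks behave identically, which is why the bug only shows up when the csum tree is empty.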
file-item.c 23.7 KB