summaryrefslogtreecommitdiffstats
path: root/fs/btrfs
diff options
context:
space:
mode:
authorFilipe Manana <fdmanana@gmail.com>2014-05-21 17:38:13 +0100
committerChris Mason <clm@fb.com>2014-06-06 12:00:46 -0700
commit01a9a8a9e20012f5676ec9cd16b6aed08b267066 (patch)
treeb824de5fffb1f0acccc79de5575b47d6298f97ec /fs/btrfs
parentfad01e866afdbe01a1f3ec06a39c3a8b9e197014 (diff)
downloadlinux-stable-01a9a8a9e20012f5676ec9cd16b6aed08b267066.tar.gz
linux-stable-01a9a8a9e20012f5676ec9cd16b6aed08b267066.tar.bz2
linux-stable-01a9a8a9e20012f5676ec9cd16b6aed08b267066.zip
Btrfs: send, fix corrupted path strings for long paths
If a path has more than 230 characters, we allocate a new buffer to use for the path, but we were forgotting to copy the contents of the previous buffer into the new one, which has random content from the kmalloc call. Test: mkfs.btrfs -f /dev/sdd mount /dev/sdd /mnt TEST_PATH="/mnt/fdmanana/.config/google-chrome-mysetup/Default/Pepper_Data/Shockwave_Flash/WritableRoot/#SharedObjects/JSHJ4ZKN/s.wsj.net/[[IMPORT]]/players.edgesuite.net/flash/plugins/osmf/advanced-streaming-plugin/v2.7/osmf1.6/Ak#" mkdir -p $TEST_PATH echo "hello world" > $TEST_PATH/amaiAdvancedStreamingPlugin.txt btrfs subvolume snapshot -r /mnt /mnt/mysnap1 btrfs send /mnt/mysnap1 -f /tmp/1.snap A test for xfstests follows. Signed-off-by: Filipe David Borba Manana <fdmanana@gmail.com> Cc: Marc Merlin <marc@merlins.org> Tested-by: Marc MERLIN <marc@merlins.org> Signed-off-by: Chris Mason <clm@fb.com>
Diffstat (limited to 'fs/btrfs')
-rw-r--r--fs/btrfs/send.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c
index fd38b5053479..484aacac2c89 100644
--- a/fs/btrfs/send.c
+++ b/fs/btrfs/send.c
@@ -360,10 +360,13 @@ static int fs_path_ensure_buf(struct fs_path *p, int len)
/*
* First time the inline_buf does not suffice
*/
- if (p->buf == p->inline_buf)
+ if (p->buf == p->inline_buf) {
tmp_buf = kmalloc(len, GFP_NOFS);
- else
+ if (tmp_buf)
+ memcpy(tmp_buf, p->buf, old_buf_len);
+ } else {
tmp_buf = krealloc(p->buf, len, GFP_NOFS);
+ }
if (!tmp_buf)
return -ENOMEM;
p->buf = tmp_buf;