diff options
author | Dmitry Monakhov <dmonakhov@openvz.org> | 2014-04-13 15:41:13 -0400 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2014-04-13 15:41:13 -0400 |
commit | a18ed359bdddcded4f97ff5e2f07793ff9336913 (patch) | |
tree | e97441cbb56686a6d6b30cb562435f01ca6ddb8a | |
parent | 8dc79ec4c0537e1b83c0739af82a7babefb30012 (diff) | |
download | linux-a18ed359bdddcded4f97ff5e2f07793ff9336913.tar.gz linux-a18ed359bdddcded4f97ff5e2f07793ff9336913.tar.bz2 linux-a18ed359bdddcded4f97ff5e2f07793ff9336913.zip |
ext4: always check ext4_ext_find_extent result
Where are some places where logic guaranties us that extent we are
searching exits, but this may not be true due to on-disk data
corruption. If such corruption happens we must prevent possible
null pointer dereferences.
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
-rw-r--r-- | fs/ext4/extents.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 38be06354b88..64b400356cad 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -3313,6 +3313,11 @@ static int ext4_split_extent(handle_t *handle, return PTR_ERR(path); depth = ext_depth(inode); ex = path[depth].p_ext; + if (!ex) { + EXT4_ERROR_INODE(inode, "unexpected hole at %lu", + (unsigned long) map->m_lblk); + return -EIO; + } uninitialized = ext4_ext_is_uninitialized(ex); split_flag1 = 0; @@ -3694,6 +3699,12 @@ static int ext4_convert_initialized_extents(handle_t *handle, } depth = ext_depth(inode); ex = path[depth].p_ext; + if (!ex) { + EXT4_ERROR_INODE(inode, "unexpected hole at %lu", + (unsigned long) map->m_lblk); + err = -EIO; + goto out; + } } err = ext4_ext_get_access(handle, inode, path + depth); @@ -5340,6 +5351,12 @@ ext4_ext_shift_extents(struct inode *inode, handle_t *handle, return PTR_ERR(path); depth = path->p_depth; extent = path[depth].p_ext; + if (!extent) { + EXT4_ERROR_INODE(inode, "unexpected hole at %lu", + (unsigned long) start); + return -EIO; + } + current_block = le32_to_cpu(extent->ee_block); if (start > current_block) { /* Hole, move to the next extent */ |