diff options
author | Gabriel de Perthuis <g2p.code@gmail.com> | 2012-10-10 08:50:47 -0600 |
---|---|---|
committer | Chris Mason <chris.mason@fusionio.com> | 2012-10-25 15:39:47 -0400 |
commit | 661bec6ba884b86517ef5ea529aabb281a7198d9 (patch) | |
tree | 22881cdc9bf3d67c78ee07b24195885b0f0f223f /fs | |
parent | f46dbe3dee853f8a860f889cb2b7ff4c624f2a7a (diff) | |
download | linux-661bec6ba884b86517ef5ea529aabb281a7198d9.tar.gz linux-661bec6ba884b86517ef5ea529aabb281a7198d9.tar.bz2 linux-661bec6ba884b86517ef5ea529aabb281a7198d9.zip |
Fix a sign bug causing invalid memory access in the ino_paths ioctl.
To see the problem, create many hardlinks to the same file (120 should do it),
then look up paths by inode with:
ls -i
btrfs inspect inode-resolve -v $ino /mnt/btrfs
I noticed the memory layout of the fspath->val data had some irregularities
(some unnecessary gaps that stop appearing about halfway),
so I'm not sure there aren't any bugs left in it.
Diffstat (limited to 'fs')
-rw-r--r-- | fs/btrfs/backref.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c index f3187938e081..2bcbea3f6308 100644 --- a/fs/btrfs/backref.c +++ b/fs/btrfs/backref.c @@ -1186,7 +1186,7 @@ static char *ref_to_path(struct btrfs_root *fs_root, int slot; u64 next_inum; int ret; - s64 bytes_left = size - 1; + s64 bytes_left = ((s64)size) - 1; struct extent_buffer *eb = eb_in; struct btrfs_key found_key; int leave_spinning = path->leave_spinning; |