From: Yan, Zheng Date: Mon, 29 Aug 2011 01:25:53 +0000 (+0800) Subject: btrfs: check file extent backref offset underflow X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=84850e8d8a5ec7b9d3c47d224e9a10c9da52ff1b;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git btrfs: check file extent backref offset underflow Offset field in data extent backref can underflow if clone range ioctl is used. We can reliably detect the underflow because max file size is limited to 2^63 and max data extent size is limited by block group size. Signed-off-by: Zheng Yan --- diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index 10af6a0e0865..24d654ce7a06 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -3322,8 +3322,11 @@ static int find_data_references(struct reloc_control *rc, } key.objectid = ref_objectid; - key.offset = ref_offset; key.type = BTRFS_EXTENT_DATA_KEY; + if (ref_offset > ((u64)-1 << 32)) + key.offset = 0; + else + key.offset = ref_offset; path->search_commit_root = 1; path->skip_locking = 1;
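Review bot: the new test `if (ref_offset > ((u64)-1 << 32))` in find_data_references() uses an unexplained magic threshold, and nothing in the code says why a value above 0xFFFFFFFF00000000 is treated as an underflowed offset. The reasoning is only in the commit message (max file size limited to 2^63, max data extent size limited by block group size). Please add a comment above the check stating that reasoning, and say that the 2^32 window is assumed to be larger than any data extent. A named constant or a small helper would also make the intent readable at the call site. It would also help to note in that comment why `key.offset = 0` is the right search start for the underflow case, since a reader cannot tell from this hunk that the lookup which follows will still filter out unrelated file extents for `ref_objectid`.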