re: Btrfs: add support for multiple csum algorithms

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Josef Bacik,

The patch 607d432da054: "Btrfs: add support for multiple csum 
algorithms" from Dec 2, 2008, leads to the following warning:
fs/btrfs/disk-io.c:298 csum_tree_block()
	 error: memcpy() '&found' too small (4 vs 9)

fs/btrfs/disk-io.c
   284          if (csum_size > sizeof(inline_result)) {
   285                  result = kzalloc(csum_size * sizeof(char), GFP_NOFS);
   286                  if (!result)
   287                          return 1;
   288          } else {
   289                  result = (char *)&inline_result;
   290          }
   291  
   292          btrfs_csum_final(crc, result);
   293  
   294          if (verify) {
   295                  if (memcmp_extent_buffer(buf, result, 0, csum_size)) {
   296                          u32 val;
   297                          u32 found = 0;
   298                          memcpy(&found, result, csum_size);
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Before that commit we used to memcpy() 4 bytes and it was fine, but now
csum_size can be larger than 4 bytes and there is a potential for
memory corruption.

   299  
   300                          read_extent_buffer(buf, &val, 0, csum_size);
                                                        ^^^^
Smatch complains that "val" is too small as well.

   301                          printk_ratelimited(KERN_INFO "btrfs: %s checksum verify "
   302                                         "failed on %llu wanted %X found %X "
   303                                         "level %d\n",
   304                                         root->fs_info->sb->s_id,
   305                                         (unsigned long long)buf->start, val, found,
   306                                         btrfs_header_level(buf));
   307                          if (result != (char *)&inline_result)
   308                                  kfree(result);
   309                          return 1;

regards,
dan carpenter

--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Filesystem Development]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux