We were putting the NUL terminator at BTRFS_PATH_NAME_MAX (4087) bytes
instead of BTRFS_SUBVOL_NAME_MAX (4039) so it corrupted memory.
Fixes: 22af1a869288 ('btrfs: introduce device delete by devid')
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 5224fc8..77c61b4 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2700,7 +2700,7 @@ static long btrfs_ioctl_rm_dev_v2(struct file *file, void __user *arg)
if (vol_args->flags & BTRFS_DEVICE_SPEC_BY_ID) {
ret = btrfs_rm_device(root, NULL, vol_args->devid);
} else {
- vol_args->name[BTRFS_PATH_NAME_MAX] = '\0';
+ vol_args->name[BTRFS_SUBVOL_NAME_MAX] = '\0';
ret = btrfs_rm_device(root, vol_args->name, 0);
}
mutex_unlock(&root->fs_info->volume_mutex);
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
