diff mbox

ext4: buffer underrun in ext4_ext_split()?

Message ID 4A7C7045.7040704@gmail.com
State New, archived
Headers show

Commit Message

roel kluin Aug. 7, 2009, 6:19 p.m. UTC 
If `depth' is less or equal to `at', a buffer underrun occurs

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
---
I am not sure whether this is possible.

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

roel kluin Aug. 7, 2009, 6:50 p.m. UTC | #1 
Op 07-08-09 20:19, Roel Kluin schreef:
> If `depth' is less or equal to `at', a buffer underrun occurs

s/underrun/overflow/g
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Theodore Ts'o Aug. 8, 2009, 3:32 a.m. UTC | #2 
On Fri, Aug 07, 2009 at 08:19:49PM +0200, Roel Kluin wrote:
> If `depth' is less or equal to `at', a buffer underrun occurs
> 
> Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
> ---
> I am not sure whether this is possible.

I'm pretty sure this could never happen.  ext4_ext_split is only
called from one place, and only when the leaf node is full.

       	    	       	   	     	      - Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index afea652..25bc182 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -822,7 +822,7 @@  static int ext4_ext_split(handle_t *handle, struct inode *inode,
 	}
 
 	/* initialize new leaf */
-	newblock = ablocks[--a];
+	newblock = a ? ablocks[--a] : 0;
 	BUG_ON(newblock == 0);
 	bh = sb_getblk(inode->i_sb, newblock);
 	if (!bh) {