Qu Wenruo
2014-Sep-30 02:39 UTC
[PATCH] btrfs-progs: Don't return any fs_info that contain NULL tree_root or fs_root.
[BUG]
btrfsck will segfault if it fails to open the fs tree or tree root.

[REPRODUCER]
Execute btrfsck on a highly damaged btrfs image. fsfuzz can be used to make a junk btrfs image.

[REASON]
The current open_ctree() in btrfs-progs supports the OPEN_CTREE_PARTIAL flag to allow returning fs_info even if some of the trees are missing. However, it is too loose and even allows an fs_info containing no tree to be returned. When that happens, fs_info->fs_root is NULL, and close_ctree(fs_info->fs_root) will cause an access to a NULL pointer and a segfault.

[FIX]
This patch will add checks for fs_info->tree_root and fs_info->fs_root before returning fs_info.

Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>

--- disk-io.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/disk-io.c b/disk-io.c index 26a532e..21a3083 100644 --- a/disk-io.c +++ b/disk-io.c @@ -1134,7 +1134,8 @@ static struct btrfs_fs_info *__open_ctree_fd(int fp, const char *path, return fs_info; out_failed: - if (flags & OPEN_CTREE_PARTIAL) + if (flags & OPEN_CTREE_PARTIAL && + fs_info->tree_root && fs_info->fs_root) return fs_info; out_chunk: btrfs_release_all_roots(fs_info); -- 2.1.1
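
Review bot: the new condition under out_failed mixes `&` and `&&` without parentheses. It evaluates as intended because `&` binds tighter than `&&`, but writing it as `if ((flags & OPEN_CTREE_PARTIAL) && fs_info->tree_root && fs_info->fs_root)` makes the grouping explicit and guards against a later edit changing the meaning. A one-line comment at the label stating that a partial open now guarantees non-NULL tree_root and fs_root would also document the contract that the close_ctree(fs_info->fs_root) call named in the commit message depends on, since with this change an OPEN_CTREE_PARTIAL caller falls through to out_chunk when either root is missing.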