diff options
| author | Filipe Manana <[email protected]> | 2023-01-12 14:17:20 +0000 | 
|---|---|---|
| committer | David Sterba <[email protected]> | 2023-01-16 19:46:38 +0100 | 
| commit | 1f55ee6d0901d915801618bda0af4e5b937e3db7 (patch) | |
| tree | 5b586ab7e4951c99b0d65173ac3df49d856e68fc /lib/zstd/common/debug.h | |
| parent | 26ecf243e407be54807ad67210f7e83b9fad71ea (diff) | |
btrfs: fix invalid leaf access due to inline extent during lseek
During lseek, for SEEK_DATA and SEEK_HOLE modes, we access the disk_bytenr
of an extent without checking its type. However inline extents have their
data starting the offset of the disk_bytenr field, so accessing that field
when we have an inline extent can result in either of the following:
1) Interpret the inline extent's data as a disk_bytenr value;
2) In case the inline data is less than 8 bytes, we access part of some
   other item in the leaf, or unused space in the leaf;
3) In case the inline data is less than 8 bytes and the extent item is
   the first item in the leaf, we can access beyond the leaf's limit.
So fix this by not accessing the disk_bytenr field if we have an inline
extent.
Fixes: b6e833567ea1 ("btrfs: make hole and data seeking a lot more efficient")
Reported-by: Matthias Schoepfer <[email protected]>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=216908
Link: https://lore.kernel.org/linux-btrfs/[email protected]/
CC: [email protected] # 6.1
Signed-off-by: Filipe Manana <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
Diffstat (limited to 'lib/zstd/common/debug.h')
0 files changed, 0 insertions, 0 deletions