summaryrefslogtreecommitdiffstats
path: root/fs/btrfs
diff options
context:
space:
mode:
authorYevgeny Popovych <yevgenyp@pointgrab.com>2018-09-07 12:59:30 +0300
committerTom Rini <trini@konsulko.com>2018-10-08 14:45:02 -0400
commit5b781cf08dfbde906809a2d4741012f9ca972320 (patch)
tree925498717c6d110a737f6ddb335c203e66b5c82b /fs/btrfs
parent4a094725b4b1b51f67c526606dc4745c446fe4ea (diff)
downloadu-boot-5b781cf08dfbde906809a2d4741012f9ca972320.tar.gz
u-boot-5b781cf08dfbde906809a2d4741012f9ca972320.tar.xz
u-boot-5b781cf08dfbde906809a2d4741012f9ca972320.zip
fs: btrfs: Fix tree traversal with btrfs_next_slot()
When traversing slots in a btree (via btrfs_path) with btrfs_next_slot(), we didn't correctly identify that the last slot in the leaf was reached and we should jump to the next leaf. This could lead to any kind of runtime errors or corruptions, like: * file data not being read at all, or is read partially * file is read but is corrupted * (any) metadata being corrupted or not read at all, etc The easiest way to reproduce this is to read a large enough file that its EXTENT_DATA items don't fit into a single leaf. Signed-off-by: Yevgeny Popovych <yevgenyp@pointgrab.com> Cc: Marek Behun <marek.behun@nic.cz> Tested-by: Marek BehĂșn <marek.behun@nic.cz>
Diffstat (limited to 'fs/btrfs')
-rw-r--r--fs/btrfs/ctree.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
index 18b47d92fe..d248d79932 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -272,7 +272,7 @@ int btrfs_next_slot(struct btrfs_path *p)
{
struct btrfs_leaf *leaf = &p->nodes[0]->leaf;
- if (p->slots[0] >= leaf->header.nritems)
+ if (p->slots[0] + 1 >= leaf->header.nritems)
return jump_leaf(p, 1);
p->slots[0]++;