diff options
author | Yan <yanzheng@21cn.com> | 2007-10-29 12:01:05 -0400 |
---|---|---|
committer | Chris Mason <chris.mason@oracle.com> | 2008-09-25 11:03:57 -0400 |
commit | b56baf5bedccd3258643b09289f17ceab3ddea52 (patch) | |
tree | eb493a33d091f32deed028c4e66de0e9342c7628 /fs/btrfs | |
parent | 689f9346612d96ab93890160cf2fe0df5217ab73 (diff) |
Minor fix for btrfs_csum_file_block.
Execution should goto label 'insert' when 'btrfs_next_leaf' return a
non-zero value, otherwise the parameter 'slot' for
'btrfs_item_key_to_cpu' may be out of bounds. The original codes jump
to label 'insert' only when 'btrfs_next_leaf' return a negative
value.
Signed-off-by: Chris Mason <chris.mason@oracle.com>
Diffstat (limited to 'fs/btrfs')
-rw-r--r-- | fs/btrfs/file-item.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c index 482a2b615327..7eb9a5412e2f 100644 --- a/fs/btrfs/file-item.c +++ b/fs/btrfs/file-item.c | |||
@@ -178,13 +178,11 @@ int btrfs_csum_file_block(struct btrfs_trans_handle *trans, | |||
178 | nritems = btrfs_header_nritems(path->nodes[0]); | 178 | nritems = btrfs_header_nritems(path->nodes[0]); |
179 | if (path->slots[0] >= nritems - 1) { | 179 | if (path->slots[0] >= nritems - 1) { |
180 | ret = btrfs_next_leaf(root, path); | 180 | ret = btrfs_next_leaf(root, path); |
181 | if (ret == 1) { | 181 | if (ret == 1) |
182 | found_next = 1; | 182 | found_next = 1; |
183 | } else if (ret == 0) { | 183 | if (ret != 0) |
184 | slot = 0; | ||
185 | } else { | ||
186 | goto insert; | 184 | goto insert; |
187 | } | 185 | slot = 0; |
188 | } | 186 | } |
189 | btrfs_item_key_to_cpu(path->nodes[0], &found_key, slot); | 187 | btrfs_item_key_to_cpu(path->nodes[0], &found_key, slot); |
190 | if (found_key.objectid != objectid || | 188 | if (found_key.objectid != objectid || |
@@ -238,7 +236,7 @@ insert: | |||
238 | csum_offset = 0; | 236 | csum_offset = 0; |
239 | if (found_next) { | 237 | if (found_next) { |
240 | u64 tmp = min((u64)i_size_read(inode), next_offset); | 238 | u64 tmp = min((u64)i_size_read(inode), next_offset); |
241 | tmp -= offset + root->sectorsize - 1; | 239 | tmp -= offset & ~((u64)root->sectorsize -1); |
242 | tmp >>= root->fs_info->sb->s_blocksize_bits; | 240 | tmp >>= root->fs_info->sb->s_blocksize_bits; |
243 | tmp = max((u64)1, tmp); | 241 | tmp = max((u64)1, tmp); |
244 | tmp = min(tmp, (u64)MAX_CSUM_ITEMS(root)); | 242 | tmp = min(tmp, (u64)MAX_CSUM_ITEMS(root)); |