Commit 54a7081e authored by Filipe Manana, committed by David Sterba

btrfs: fix iteration of extrefs during log replay



At __inode_add_ref() when processing extrefs, if we jump into the next
label we have an undefined value of victim_name.len, since we haven't
initialized it before we did the goto. This results in an invalid memory
access in the next iteration of the loop since victim_name.len was not
initialized to the length of the name of the current extref.

Fix this by initializing victim_name.len with the current extref's name
length.

Fixes: e43eec81 ("btrfs: use struct qstr instead of name and namelen pairs")
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
parent 6561a40c
+2 −2
@@ -1148,13 +1148,13 @@ static inline int __add_inode_ref(struct btrfs_trans_handle *trans,
			struct fscrypt_str victim_name;

			extref = (struct btrfs_inode_extref *)(base + cur_offset);
			victim_name.len = btrfs_inode_extref_name_len(leaf, extref);

			if (btrfs_inode_extref_parent(leaf, extref) != parent_objectid)
				goto next;

			ret = read_alloc_one_name(leaf, &extref->name,
				 btrfs_inode_extref_name_len(leaf, extref),
				 &victim_name);
						  victim_name.len, &victim_name);
			if (ret)
				return ret;
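
Review bot: the assignment victim_name.len = btrfs_inode_extref_name_len(leaf, extref) at the top of the loop body has no comment saying it must stay above the goto next taken when btrfs_inode_extref_parent() does not match parent_objectid. According to the commit message, the path through the next label uses victim_name.len and an uninitialized value causes an invalid memory access in the next iteration, so a one-line comment above the assignment stating that dependency would keep a later cleanup from moving it back below the check or folding it into the read_alloc_one_name() call again. Separately, the commit message refers to __inode_add_ref() while the hunk header shows the function as __add_inode_ref(); correcting the name would make the message match what a search of the source finds.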