On Thu, Sep 11, 2014 at 10:02:16AM -0400, Chris Mason wrote:
On 09/09/2014 05:19 AM, rongqing.li@windriver.com wrote:
quoted
From: Li RongQing <redacted>
It is impossible that csum_size is larger than sizeof(long), but the codes
still add the handler for this condition, like allocate new memory, for
extension. If it becomes true someday, copying csum_size size memory to local
32bit variable found and val will overflow these two variables.
Fix it by returning the max 4 byte checksum.
Thanks for the patch. I'd rather not silently truncate the copy down
though. How about a one time check at mount to make sure the value in
the super is reasonable?
The check is already there, see btrfs_check_super_csum(), it validates
the csum_type that's later used to find the checksum size.