btrfs-progs: check for item end outside of leaf

Enhance leaf check to verify item ends that looks otherwise fine but
would exceed leaf. Same check is done in kernel.

Reported-by: Robert Marklund <robbelibobban@gmail.com>
Signed-off-by: David Sterba <dsterba@suse.com>

diff --git a/ctree.c b/ctree.c
index 130c61f..e6e5689 100644 (file)
--- a/ctree.c
+++ b/ctree.c
@@ -521,6 +521,20 @@ btrfs_check_leaf(struct btrfs_root *root, struct btrfs_disk_key *parent_key,
                        goto fail;
                }
        }
+
+       for (i = 0; i < nritems; i++) {
+               if (btrfs_item_end_nr(buf, i) > BTRFS_LEAF_DATA_SIZE(root)) {
+                       btrfs_item_key(buf, &key, 0);
+                       btrfs_print_key(&key);
+                       fflush(stdout);
+                       ret = BTRFS_TREE_BLOCK_INVALID_OFFSETS;
+                       fprintf(stderr, "slot end outside of leaf %llu > %llu\n",
+                               (unsigned long long)btrfs_item_end_nr(buf, i),
+                               (unsigned long long)BTRFS_LEAF_DATA_SIZE(root));
+                       goto fail;
+               }
+       }
+
        return BTRFS_TREE_BLOCK_CLEAN;
 fail:
        if (btrfs_header_owner(buf) == BTRFS_EXTENT_TREE_OBJECTID) {