From 81e43dabc87ea9b2242456a8bbe9239e55cb841f Mon Sep 17 00:00:00 2001
From: David Sterba <dsterba@suse.com>
Date: Mon, 30 Nov 2015 16:44:29 +0100
Subject: [PATCH] btrfs-progs: handle invalid num_stripes in sys_array

We can handle the special case of num_stripes == 0 directly inside
btrfs_read_sys_array. The BUG_ON in btrfs_chunk_item_size is there to
catch other unhandled cases where we fail to validate external data,
like in btrfs-show-super.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 volumes.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/volumes.c b/volumes.c
index 32d9a5a..b4d489a 100644
--- a/volumes.c
+++ b/volumes.c
@@ -1839,6 +1839,14 @@ int btrfs_read_sys_array(struct btrfs_root *root)
 				goto out_short_read;
 
 			num_stripes = btrfs_chunk_num_stripes(sb, chunk);
+			if (!num_stripes) {
+				printk(
+	    "ERROR: invalid number of stripes %u in sys_array at offset %u\n",
+					num_stripes, cur_offset);
+				ret = -EIO;
+				break;
+			}
+
 			len = btrfs_chunk_item_size(num_stripes);
 			if (cur_offset + len > array_size)
 				goto out_short_read;
-- 
2.7.4