42 lines
1.4 KiB
Diff
42 lines
1.4 KiB
Diff
From c25e62f4e0532dfb55e2c81a6e236edfeffa8c11 Mon Sep 17 00:00:00 2001
|
|
From: Zdenek Kabelac <zkabelac@redhat.com>
|
|
Date: Sun, 29 Jun 2025 20:47:13 +0200
|
|
Subject: [PATCH 26/47] cov: prevent potential negative array index
|
|
|
|
The _stats_map_extents() function processes file extents returned
|
|
by FIEMAP ioctl calls. When handling the case where a file has
|
|
only a single extent, the code accesses fm_ext[i - 1] to check
|
|
if the logical offset is 0.
|
|
|
|
However, when i is 0 (no extents processed yet), this results in a negative
|
|
array index access which can cause undefined behavior or crashes.
|
|
|
|
So check early whether there are fm_mapped_extents to process.
|
|
This avoids using negative index array.
|
|
|
|
Existing code already checks fm_mapped_extents == 0 before calling
|
|
this function so the patch is not fixing any real bug.
|
|
|
|
(cherry picked from commit 2a2ad7317f19f15982045d847aacd74922a28572)
|
|
---
|
|
libdm/libdm-stats.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/libdm/libdm-stats.c b/libdm/libdm-stats.c
|
|
index cbcbb6754..53c3c5480 100644
|
|
--- a/libdm/libdm-stats.c
|
|
+++ b/libdm/libdm-stats.c
|
|
@@ -4411,6 +4411,9 @@ static uint64_t _stats_map_extents(int fd, struct dm_pool *mem,
|
|
uint64_t expected = 0, nr_extents = next_extent;
|
|
unsigned int i;
|
|
|
|
+ if (!fiemap->fm_mapped_extents)
|
|
+ return 0;
|
|
+
|
|
/*
|
|
* Loop over the returned extents adding the fm_pending extent
|
|
* to the table of extents each time a discontinuity (or eof)
|
|
--
|
|
2.51.0
|
|
|