From 918eeb32e9bd1d053bafc9d3c70ef420c21eeda9 Mon Sep 17 00:00:00 2001 From: Eric Sandeen Date: Sun, 27 May 2012 22:13:39 -0400 Subject: [PATCH] libext2fs: fix rbtree backend for extent lengths greater than 2^32 For a completely full filesystem with more than 2^32 blocks, the rbtree bitmap backend can assemble an extent of used blocks which is longer than 2^32. If it does, it will overflow ->count, and corrupt the rbtree for the bitmaps. Discovered by completely filling a 32T filesystem using fallocate, and then observing debugfs, dumpe2fs, and e2fsck all behaving badly. (Note that filling with only 31 x 1T files did not show the problem, because freespace was fragmented enough that there was no sufficiently long range of used blocks.) Reviewed-by: Andreas Dilger Signed-off-by: Eric Sandeen Signed-off-by: Theodore Ts'o --- lib/ext2fs/blkmap64_rb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ext2fs/blkmap64_rb.c b/lib/ext2fs/blkmap64_rb.c index 7ab72f4..a83f8ac 100644 --- a/lib/ext2fs/blkmap64_rb.c +++ b/lib/ext2fs/blkmap64_rb.c @@ -33,7 +33,7 @@ struct bmap_rb_extent { struct rb_node node; __u64 start; - __u32 count; + __u64 count; }; struct ext2fs_rb_private { -- 1.8.3.1