LU-7867 debugfs: fix check for out-of-bound xattr value

Since upsream commit 8a546777119c9c0, the validity check for in-inode
xattrs in internal_dump_inode_extra() has been incorrectly checking
the value size.  The value can go right to the end of the inode.

Signed-off-by: Andreas Dilger <andreas.dilger@intel.com>
Change-Id: Id20861df7c973d76a433aecfcfd125ca32ce117b
Reviewed-on: http://review.whamcloud.com/18999
Reviewed-by: Fan Yong <fan.yong@intel.com>
Tested-by: Jenkins
Reviewed-by: Matt Ezell <ezellma@ornl.gov>

diff --git a/debugfs/debugfs.c b/debugfs/debugfs.c
index c8eff77..73fedc4 100644 (file)
--- a/debugfs/debugfs.c
+++ b/debugfs/debugfs.c
@@ -610,7 +610,7 @@ static void internal_dump_inode_extra(FILE *out,
                                        entry->e_value_inum != 0;
 
                        if (name + entry->e_name_len >= end ||
                                        entry->e_value_inum != 0;
 
                        if (name + entry->e_name_len >= end ||

-                           (!ea_inode && value + entry->e_value_size >= end) ||
+                           (!ea_inode && value + entry->e_value_size > end) ||

                            (char *)next >= end) {
                                fprintf(out, "invalid EA entry in inode\n");
                                return;
                            (char *)next >= end) {
                                fprintf(out, "invalid EA entry in inode\n");
                                return;