bcachefs: Fix journal_entry_dev_usage_to_text() overrun

If the jset_entry_dev_usage is malformed, and too small, our nr_entries
calculation will be incorrect - just bail out.

Reported-by: syzbot+05d7520be047c9be86e0@syzkaller.appspotmail.com
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
This commit is contained in:
Kent Overstreet 2024-11-11 16:01:38 -05:00
parent 2642084f26
commit 657d4282d8

View File

@ -708,6 +708,9 @@ static void journal_entry_dev_usage_to_text(struct printbuf *out, struct bch_fs
container_of(entry, struct jset_entry_dev_usage, entry); container_of(entry, struct jset_entry_dev_usage, entry);
unsigned i, nr_types = jset_entry_dev_usage_nr_types(u); unsigned i, nr_types = jset_entry_dev_usage_nr_types(u);
if (vstruct_bytes(entry) < sizeof(*u))
return;
prt_printf(out, "dev=%u", le32_to_cpu(u->dev)); prt_printf(out, "dev=%u", le32_to_cpu(u->dev));
printbuf_indent_add(out, 2); printbuf_indent_add(out, 2);