master

分支 (32)

标签 (20)

管理

管理

master

openEuler-24.03-LTS

openEuler-24.03-LTS-Next

sync-pr70-master-to-openEuler-24.09

openEuler-24.09

sync-pr70-master-to-openEuler-24.03-LTS-Next

sync-pr66-master-to-openEuler-24.09

openEuler-22.03-LTS-SP3

openEuler-22.03-LTS-SP4

openEuler-22.03-LTS-SP1

openEuler-22.03-LTS

sync-pr43-master-to-openEuler-24.03-LTS-Next

sync-pr43-master-to-openEuler-24.03-LTS

sync-pr31-master-to-openEuler-24.03-LTS-Next

sync-pr31-master-to-openEuler-24.03-LTS

openEuler-22.03-LTS-SP2

openEuler-22.03-LTS-Next

openEuler-23.09

openEuler-23.03

openEuler-21.03

openEuler-22.03-LTS-SP4-release

openEuler-24.09-release

openEuler-24.03-LTS-release

openEuler-22.03-LTS-SP3-release

openEuler-23.09-rc5

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200929

openEuler-20.03-LTS-20200606

openEuler-20.03-LTS-tag

btrfs-progs
/
0015-btrfs-progs-convert-fix-the-file...

From a927cb1b0acc814a3a6d383dc32b781ecc567c85 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu@suse.com>
Date: Mon, 15 Jul 2024 13:56:14 +0930
Subject: [PATCH] btrfs-progs: convert: fix the filename output when rolling
 back
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[BUG]
When rolling back a converted btrfs, the filename output is corrupted:

  $ btrfs-convert -r  ~/test.img
  btrfs-convert from btrfs-progs v6.9.2

  Open filesystem for rollback:
    Label:
    UUID:            df54baf3-c91e-4956-96f9-99413a857576
    Restoring from:  ext2_saved0ƨy/image
                               ^^^ Corruption
  Rollback succeeded

[CAUSE]
The error is in how we handle the filename.  In btrfs all our strings
are not '\0' terminated, but with explicit length.

But in C, most strings are '\0' terminated, so after reading a filename
from btrfs, we need to manually terminate the string.

However the code adding the terminating '\0' looks like this:

	/* Get the filename length. */
	name_len = btrfs_root_ref_name_len(path.nodes[0], root_ref_item);

	/*
	 * This should not happen, but as an extra handling for possible
	 * corrupted btrfs.
	 */
	if (name_len > sizeof(dir_name))
		name_len = sizeof(dir_name) - 1;
	/* Got the real filename into our buffer. */
 	read_extent_buffer(path.nodes[0], dir_name, (unsigned long)(root_ref_item + 1), name_len);

	/* Terminate the string. */
	dir_name[sizeof(dir_name) - 1] = 0;

The problem is, the final termination is totally wrong, it always make
the last buffer char '\0', not using the @name_len we read before.

[FIX]
Use @name_len to terminate the string, as we have already updated it to
handle buffer overflow, it can handle both the regular and corrupted
case.

Fixes: dc29a5c51d63 ("btrfs-progs: convert: update default output")
Signed-off-by: Qu Wenruo <wqu@suse.com>
---
 convert/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/convert/main.c b/convert/main.c
index c9e50c0..9e93414 100644
--- a/convert/main.c
+++ b/convert/main.c
@@ -1719,7 +1719,7 @@ static int do_rollback(const char *devname)
 	if (name_len > sizeof(dir_name))
 		name_len = sizeof(dir_name) - 1;
 	read_extent_buffer(path.nodes[0], dir_name, (unsigned long)(root_ref_item + 1), name_len);
-	dir_name[sizeof(dir_name) - 1] = 0;
+	dir_name[name_len] = 0;

 	printf("  Restoring from:  %s/%s\n", dir_name, image_name);

--
2.43.0