[Ocfs2-tools-devel] [PATCH] libocfs2: Prevent endian swapping from scribbling over memory.

Tao Ma tao.ma at oracle.com
Wed Jul 29 18:53:27 PDT 2009 

Hi Joel,
	Sorry for the delay.

Joel Becker wrote:
> @@ -116,23 +133,40 @@ static void ocfs2_swap_xattr_entries_to_cpu(struct ocfs2_xattr_header *xh)
>  	for (i = 0; i < xh->xh_count; i++) {
>  		struct ocfs2_xattr_entry *xe = &xh->xh_entries[i];
>  
> +		if (ocfs2_swap_barrier(&fake_fs, obj, xe,
> +				       sizeof(struct ocfs2_xattr_entry)))
> +			break;
> +
>  		ocfs2_swap_xattr_entry(xe);
>  
> +		value = (char *)xh + xe->xe_name_offset +
> +			OCFS2_XATTR_SIZE(xe->xe_name_len);
> +
>  		if (!ocfs2_xattr_is_local(xe)) {
>  			struct ocfs2_xattr_value_root *xr =
> -				(struct ocfs2_xattr_value_root *)
> -				((char *)xh + xe->xe_name_offset +
> -				OCFS2_XATTR_SIZE(xe->xe_name_len));
> +				(struct ocfs2_xattr_value_root *)value;
> +
> +			if (ocfs2_swap_barrier(&fake_fs, obj, xr,
> +					       OCFS2_XATTR_ROOT_SIZE))
> +				break;
>  
>  			ocfs2_swap_xattr_value_root(xr);
> -			ocfs2_swap_extent_list_to_cpu(&xr->xr_list);
> -		}
> +			ocfs2_swap_extent_list_to_cpu(fs, xh, &xr->xr_list);
here we should use faked_fs since xr->xr_list may not be in the same 
buffer as xh.
> @@ -140,56 +174,86 @@ static void ocfs2_swap_xattr_entries_from_cpu(struct ocfs2_xattr_header *xh)
>  	for (i = 0; i < xh->xh_count; i++) {
>  		struct ocfs2_xattr_entry *xe = &xh->xh_entries[i];
>  
> +		if (ocfs2_swap_barrier(&fake_fs, obj, xe,
> +				       sizeof(struct ocfs2_xattr_entry)))
> +			break;
> +
> +		value = (char *)xh + xe->xe_name_offset +
> +			OCFS2_XATTR_SIZE(xe->xe_name_len);
> +
>  		if (!ocfs2_xattr_is_local(xe)) {
>  			struct ocfs2_xattr_value_root *xr =
> -				(struct ocfs2_xattr_value_root *)
> -				((char *)xh + xe->xe_name_offset +
> -				OCFS2_XATTR_SIZE(xe->xe_name_len));
> +				(struct ocfs2_xattr_value_root *)value;
> +
> +			if (ocfs2_swap_barrier(&fake_fs, obj, xr,
> +					       OCFS2_XATTR_ROOT_SIZE))
> +				break;
>  
> -			ocfs2_swap_extent_list_from_cpu(&xr->xr_list);
> +			ocfs2_swap_extent_list_from_cpu(fs, xh, &xr->xr_list);
ditto.

Regards,
Tao

More information about the Ocfs2-tools-devel mailing list