diff options
| author | Sergei Trofimovich <slyfox@gentoo.org> | 2011-06-04 11:19:21 +0300 |
|---|---|---|
| committer | Chris Mason <chris.mason@oracle.com> | 2011-10-25 09:18:58 -0400 |
| commit | 8e4b7e883abfca81cd864808da729b2227cff34c (patch) | |
| tree | 3f56df8b1dd5ef4d163edf2c316ceb68cd4f3efc | |
| parent | f509f1762e054c3f9bd5e4321dce9240bfd5b03a (diff) | |
| download | btrfs-progs-8e4b7e883abfca81cd864808da729b2227cff34c.tar.gz | |
mkfs.btrfs: write zeroes instead on uninitialized data.
Found by valgrind:
==8968== Use of uninitialised value of size 8
==8968== at 0x41CE7D: crc32c_le (crc32c.c:98)
==8968== by 0x40A1D0: csum_tree_block_size (disk-io.c:82)
==8968== by 0x40A2D4: csum_tree_block (disk-io.c:105)
==8968== by 0x40A7D6: write_tree_block (disk-io.c:241)
==8968== by 0x40ACEE: __commit_transaction (disk-io.c:354)
==8968== by 0x40AE9E: btrfs_commit_transaction (disk-io.c:385)
==8968== by 0x42CF66: make_image (mkfs.c:1061)
==8968== by 0x42DE63: main (mkfs.c:1410)
==8968== Uninitialised value was created by a stack allocation
==8968== at 0x42B5FB: add_inode_items (mkfs.c:493)
1. On-disk inode format has reserved (and thus, random at alloc time) fields:
btrfs_inode_item: __le64 reserved[4]
2. Sometimes extents are created on disk without writing data there.
(Or at least not all data is written there). Kernel code always had
it kzalloc'ed.
Zero them all.
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Signed-off-by: Hugo Mills <hugo@carfax.org.uk>
| -rw-r--r-- | extent_io.c | 1 | ||||
| -rw-r--r-- | mkfs.c | 7 |
2 files changed, 8 insertions, 0 deletions
diff --git a/extent_io.c b/extent_io.c index 70fecbbf..8f0a8763 100644 --- a/extent_io.c +++ b/extent_io.c @@ -568,6 +568,7 @@ static struct extent_buffer *__alloc_extent_buffer(struct extent_io_tree *tree, BUG(); return NULL; } + memset(eb, 0, sizeof(struct extent_buffer) + blocksize); eb->start = bytenr; eb->len = blocksize; @@ -411,6 +411,13 @@ static int fill_inode_item(struct btrfs_trans_handle *trans, u64 blocks = 0; u64 sectorsize = root->sectorsize; + /* + * btrfs_inode_item has some reserved fields + * and represents on-disk inode entry, so + * zero everything to prevent information leak + */ + memset(dst, 0, sizeof (*dst)); + btrfs_set_stack_inode_generation(dst, trans->transid); btrfs_set_stack_inode_size(dst, src->st_size); btrfs_set_stack_inode_nbytes(dst, 0); |