btree: fix tree corruption in btree_get_prev()
commit cbf8ae3 upstream.

The memory the parameter __key points to is used as an iterator in btree_get_prev(), so if we save off a bkey() pointer in retry_key and then assign that to __key, we'll end up corrupting the btree internals when we do eg

    longcpy(__key, bkey(geo, node, i), geo->keylen);

to return the key value. What we should do instead is use longcpy() to copy the key value that retry_key points to __key.

This can cause a btree to get corrupted by seemingly read-only operations such as btree_for_each_safe.

[firstname.lastname@example.org: avoid the double longcpy()]
Signed-off-by: Roland Dreier <email@example.com>
Acked-by: Joern Engel <firstname.lastname@example.org>
Signed-off-by: Andrew Morton <email@example.com>
Signed-off-by: Linus Torvalds <firstname.lastname@example.org>
Signed-off-by: Ben Hutchings <email@example.com>
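The aliasing described in the commit message, as an added example that is not part of the commit or of the kernel's btree code: a simplified user-space model showing why assigning a saved bkey() pointer to __key lets a lookup overwrite node storage, next to the value-copy form. The names toy_node, step_buggy, step_fixed and node_intact_after are hypothetical, the bkey() and longcpy() here are toy stand-ins, and the key values are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#define KEYLEN 1	/* longs per key (assumed toy geometry) */
#define NKEYS  4

/* Hypothetical stand-in for a btree node: keys live inside the node. */
struct toy_node { unsigned long key[NKEYS][KEYLEN]; };

static unsigned long *bkey(struct toy_node *n, int i) { return n->key[i]; }

static void longcpy(unsigned long *dst, const unsigned long *src, size_t n)
{
	for (size_t i = 0; i < n; i++) dst[i] = src[i];
}

/* Bug pattern: __key is re-pointed at node storage, so the copy meant to
 * return the key to the caller writes into the node instead. */
static void step_buggy(struct toy_node *n, unsigned long *__key)
{
	unsigned long *retry_key = bkey(n, 1);	/* pointer INTO the node */
	__key = retry_key;			/* alias, not a copy */
	longcpy(__key, bkey(n, 2), KEYLEN);	/* clobbers slot 1 */
}

/* Fix pattern: copy the value retry_key points to into the caller's buffer. */
static void step_fixed(struct toy_node *n, unsigned long *__key)
{
	unsigned long *retry_key = bkey(n, 1);
	longcpy(__key, retry_key, KEYLEN);	/* value copy; node untouched */
	longcpy(__key, bkey(n, 2), KEYLEN);	/* result lands in caller's buffer */
}

/* Runs one step on constructed keys; returns 1 if the node is unchanged. */
static int node_intact_after(void (*step)(struct toy_node *, unsigned long *),
			     unsigned long *out)
{
	struct toy_node n = { .key = { {40}, {30}, {20}, {10} } };
	unsigned long iter[KEYLEN] = { 35 };	/* caller's iterator buffer */

	step(&n, iter);
	*out = iter[0];
	return n.key[0][0] == 40 && n.key[1][0] == 30 &&
	       n.key[2][0] == 20 && n.key[3][0] == 10;
}

int main(void)
{
	unsigned long out;
	printf("buggy: intact=%d\n", node_intact_after(step_buggy, &out));
	printf("fixed: intact=%d\n", node_intact_after(step_fixed, &out));
}
```

In the buggy variant the caller's buffer is never updated and slot 1 of the node silently takes the value of slot 2, which is how a lookup that looks read-only ends up modifying the tree.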