fs: btrfs: Fix tree traversal with btrfs_next_slot()

When traversing slots in a btree (via btrfs_path) with btrfs_next_slot(), we didn't correctly identify that the last slot in the leaf was reached and we should jump to the next leaf. This could lead to any kind of runtime errors or corruptions, like: * file data not being read at all, or is read partially * file is read but is corrupted * (any) metadata being corrupted or not read at all, etc The easiest way to reproduce this is to read a large enough file that its EXTENT_DATA items don't fit into a single leaf. Signed-off-by: Yevgeny Popovych <[email protected]> Cc: Marek Behun <[email protected]> Tested-by: Marek Behún <[email protected]>
Keerthyj · Oct 8, 2018 · 5b781cf · 5b781cf
1 parent 4a09472
commit 5b781cf
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
@@ -272,7 +272,7 @@ int btrfs_next_slot(struct btrfs_path *p)
 {
 	struct btrfs_leaf *leaf = &p->nodes[0]->leaf;
 
-	if (p->slots[0] >= leaf->header.nritems)
+	if (p->slots[0] + 1 >= leaf->header.nritems)
 		return jump_leaf(p, 1);
 
 	p->slots[0]++;