bcachefs: Fix unsafety in bch2_dirent_name_bytes()

Reported-by: syzbot+84fa6fb8c7f98b93cdea@syzkaller.appspotmail.com
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>

diff --git a/fs/bcachefs/dirent.c b/fs/bcachefs/dirent.c
index 6bbf9a7d9e4d2cd17ea1742284176a4b43b7343c..c67460d8205db44ac5084eb62cb7d0f7e2cf4edd 100644 (file)
--- a/fs/bcachefs/dirent.c
+++ b/fs/bcachefs/dirent.c
@@ -15,6 +15,9 @@
 
 static unsigned bch2_dirent_name_bytes(struct bkey_s_c_dirent d)
 {
+       if (bkey_val_bytes(d.k) < offsetof(struct bch_dirent, d_name))
+               return 0;
+
        unsigned bkey_u64s = bkey_val_u64s(d.k);
        unsigned bkey_bytes = bkey_u64s * sizeof(u64);
        u64 last_u64 = ((u64*)d.v)[bkey_u64s - 1];