From 76ada77ea30a672f0d7e0ce2c8588904c4f87b8f Mon Sep 17 00:00:00 2001
From: Stefan Behrens <sbehrens@giantdisaster.de>
Date: Tue, 24 Apr 2012 18:10:16 +0200
Subject: [PATCH] --- yaml --- r: 309904 b: refs/heads/master c:
 86ff7ffce0b93aed14df4c8dcedd05bb5e2fdfbc h: refs/heads/master v: v3

---
 [refs]                           |  2 +-
 trunk/fs/btrfs/check-integrity.c | 25 ++++++++++++++++++++++---
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/[refs] b/[refs]
index 57887a93537b..089a5aba0731 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 3d136a1131c66f7d26fb171e4c5b0b8baacd3129
+refs/heads/master: 86ff7ffce0b93aed14df4c8dcedd05bb5e2fdfbc
diff --git a/trunk/fs/btrfs/check-integrity.c b/trunk/fs/btrfs/check-integrity.c
index 7f6cc359e440..ed7618389327 100644
--- a/trunk/fs/btrfs/check-integrity.c
+++ b/trunk/fs/btrfs/check-integrity.c
@@ -1428,6 +1428,28 @@ static int btrfsic_handle_extent_data(
 
 	file_extent_item_offset = offsetof(struct btrfs_leaf, items) +
 				  item_offset;
+	if (file_extent_item_offset +
+	    offsetof(struct btrfs_file_extent_item, disk_num_bytes) >
+	    block_ctx->len) {
+		printk(KERN_INFO
+		       "btrfsic: file item out of bounce at logical %llu, dev %s\n",
+		       block_ctx->start, block_ctx->dev->name);
+		return -1;
+	}
+
+	btrfsic_read_from_block_data(block_ctx, &file_extent_item,
+		file_extent_item_offset,
+		offsetof(struct btrfs_file_extent_item, disk_num_bytes));
+	if (BTRFS_FILE_EXTENT_REG != file_extent_item.type ||
+	    ((u64)0) == le64_to_cpu(file_extent_item.disk_bytenr)) {
+		if (state->print_mask & BTRFSIC_PRINT_MASK_VERY_VERBOSE)
+			printk(KERN_INFO "extent_data: type %u, disk_bytenr = %llu\n",
+			       file_extent_item.type,
+			       (unsigned long long)
+			       le64_to_cpu(file_extent_item.disk_bytenr));
+		return 0;
+	}
+
 	if (file_extent_item_offset + sizeof(struct btrfs_file_extent_item) >
 	    block_ctx->len) {
 		printk(KERN_INFO
@@ -1452,9 +1474,6 @@ static int btrfsic_handle_extent_data(
 		       le64_to_cpu(file_extent_item.disk_bytenr),
 		       (unsigned long long)le64_to_cpu(file_extent_item.offset),
 		       (unsigned long long)num_bytes);
-	if (BTRFS_FILE_EXTENT_REG != file_extent_item.type ||
-	    ((u64)0) == le64_to_cpu(file_extent_item.disk_bytenr))
-		return 0;
 	while (num_bytes > 0) {
 		u32 chunk_len;
 		int num_copies;