From 24dd00b1042cc45b24799eaa156da097fbf55a92 Mon Sep 17 00:00:00 2001
From: Otto Moerbeek <otto@cvs.openbsd.org>
Date: Mon, 29 Dec 2008 18:06:11 +0000
Subject: Some forms of inode corruption can make remsize and thus isize go
 negative and cause SEGVs. Handle this the same as an out of range blockno. ok
 jsg@ (also victim) pedro@ thib@

---
 sbin/fsck_ffs/inode.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sbin/fsck_ffs/inode.c b/sbin/fsck_ffs/inode.c
index bdca6524c27..c253ea9e8b3 100644
--- a/sbin/fsck_ffs/inode.c
+++ b/sbin/fsck_ffs/inode.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: inode.c,v 1.31 2008/06/10 23:10:29 otto Exp $	*/
+/*	$OpenBSD: inode.c,v 1.32 2008/12/29 18:06:10 otto Exp $	*/
 /*	$NetBSD: inode.c,v 1.23 1996/10/11 20:15:47 thorpej Exp $	*/
 
 /*
@@ -34,7 +34,7 @@
 #if 0
 static char sccsid[] = "@(#)inode.c	8.5 (Berkeley) 2/8/95";
 #else
-static const char rcsid[] = "$OpenBSD: inode.c,v 1.31 2008/06/10 23:10:29 otto Exp $";
+static const char rcsid[] = "$OpenBSD: inode.c,v 1.32 2008/12/29 18:06:10 otto Exp $";
 #endif
 #endif /* not lint */
 
@@ -168,7 +168,7 @@ iblock(struct inodesc *idesc, long ilevel, off_t isize)
 			return (n);
 	} else
 		func = dirscan;
-	if (chkrange(idesc->id_blkno, idesc->id_numfrags))
+	if (isize < 0 || chkrange(idesc->id_blkno, idesc->id_numfrags))
 		return (SKIP);
 	bp = getdatablk(idesc->id_blkno, sblock.fs_bsize);
 	ilevel--;
-- 
cgit v1.2.3