bcachefs: Fix a buffer overrun
authorKent Overstreet <kent.overstreet@gmail.com>
Thu, 10 Jun 2021 17:21:39 +0000 (13:21 -0400)
committerKent Overstreet <kent.overstreet@linux.dev>
Sun, 22 Oct 2023 21:09:05 +0000 (17:09 -0400)
In make_extent_indirect(), we were allocating too small of a buffer for
the new indirect extent.

Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
fs/bcachefs/reflink.c

index a420729..6aa3772 100644 (file)
@@ -138,7 +138,7 @@ static int bch2_make_extent_indirect(struct btree_trans *trans,
        /* rewind iter to start of hole, if necessary: */
        bch2_btree_iter_set_pos(reflink_iter, bkey_start_pos(k.k));
 
-       r_v = bch2_trans_kmalloc(trans, sizeof(__le64) + bkey_val_bytes(&orig->k));
+       r_v = bch2_trans_kmalloc(trans, sizeof(__le64) + bkey_bytes(&orig->k));
        ret = PTR_ERR_OR_ZERO(r_v);
        if (ret)
                goto err;
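Review bot: The size passed to `bch2_trans_kmalloc()` for `r_v` is open-coded with no comment tying it to the layout of the key being built, so the invariant that was just violated is still only implicit. A comment above the call would make the sizing reviewable, for example `/* whole original key (header + value) plus the __le64 refcount */`, assuming `bkey_bytes()` covers both header and value as the commit message implies. The code that fills `r_v` lies outside this hunk, and the function body starts and ends outside it as well. It is worth confirming that any copy length there is derived from the same expression, ideally through one local such as `size_t r_v_bytes = sizeof(__le64) + bkey_bytes(&orig->k);`, so the allocation and the write cannot drift apart again.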
@@ -159,12 +159,6 @@ static int bch2_make_extent_indirect(struct btree_trans *trans,
        if (ret)
                goto err;
 
-       r_p = bch2_trans_kmalloc(trans, sizeof(*r_p));
-       if (IS_ERR(r_p)) {
-               ret = PTR_ERR(r_p);
-               goto err;
-       }
-
        orig->k.type = KEY_TYPE_reflink_p;
        r_p = bkey_i_to_reflink_p(orig);
        set_bkey_val_bytes(&r_p->k, sizeof(r_p->v));