Message ID | alpine.DEB.2.00.0901302346430.12904@bikeee |
---|---|
State | Accepted, archived |
On Tue, Feb 03, 2009 at 10:49:22AM +0300, Dan Carpenter wrote:
> There is a potential null dereference of tmp_inode.
>
> The patch also removes an unnecessary check for whether tmp_inode is null.
>
> This was found through a code checker (http://repo.or.cz/w/smatch.git/).
> It looks like you might be able to trigger the error by trying to migrate
> a readonly file system. I have only compile tested though, sorry.

Thanks, I've included this in the ext4 patch queue to be pushed to Linus.

- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
--- orig/fs/ext4/migrate.c 2009-01-30 23:55:33.000000000 +0300 +++ devel/fs/ext4/migrate.c 2009-01-30 23:57:14.000000000 +0300 @@ -481,7 +481,7 @@ + 1); if (IS_ERR(handle)) { retval = PTR_ERR(handle); - goto err_out; + return retval; } tmp_inode = ext4_new_inode(handle, inode->i_sb->s_root->d_inode, @@ -489,8 +489,7 @@ if (IS_ERR(tmp_inode)) { retval = -ENOMEM; ext4_journal_stop(handle); - tmp_inode = NULL; - goto err_out; + return retval; } i_size_write(tmp_inode, i_size_read(inode)); /* @@ -618,8 +617,7 @@ ext4_journal_stop(handle); - if (tmp_inode) - iput(tmp_inode); + iput(tmp_inode); return retval; }
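Review bot: in the first hunk (@@ -481), the IS_ERR(handle) branch now reads "retval = PTR_ERR(handle); return retval;", which can be collapsed to "return PTR_ERR(handle);" since nothing follows the assignment any more. The err_out label is outside the visible context, so the changelog would be easier to verify if it named the statement under err_out that touches tmp_inode before it has been assigned.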
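Review bot: in the second hunk (@@ -489), the IS_ERR(tmp_inode) branch still hard-codes "retval = -ENOMEM", which throws away the error that ext4_new_inode() encoded in the returned pointer. Consider "retval = PTR_ERR(tmp_inode);" before the return, here or as a follow-up. Keeping ext4_journal_stop(handle) ahead of the return is right, because the handle has already passed its IS_ERR() check at this point.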
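Review bot: in the third hunk (@@ -618), the now unconditional "iput(tmp_inode);" is correct only because both failure branches above return before reaching it, so tmp_inode is always a valid inode here. Please say so in the changelog, so that a later change reintroducing a jump to this exit path with an ERR_PTR value in tmp_inode gets caught in review. iput() itself ignores a NULL argument, so the removed test was redundant in either case.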
There is a potential null dereference of tmp_inode.

The patch also removes an unnecessary check for whether tmp_inode is null.

This was found through a code checker (http://repo.or.cz/w/smatch.git/).
It looks like you might be able to trigger the error by trying to migrate
a readonly file system. I have only compile tested though, sorry.

regards,
dan carpenter

Signed-off-by: Dan Carpenter <error27@gmail.com>