linux/fs/btrfs
Jesper Juhl ff175d57f0 btrfs: Don't pass NULL ptr to func that may deref it.
Hi,

In fs/btrfs/inode.c::fixup_tree_root_location() we have this code:

...
 		if (!path) {
 			err = -ENOMEM;
 			goto out;
 		}
...
 	out:
 		btrfs_free_path(path);
 		return err;

btrfs_free_path() passes its argument on to other functions and some of
them end up dereferencing the pointer.
In the code above that pointer is clearly NULL, so btrfs_free_path() will
eventually cause a NULL dereference.

There are many ways to cut this cake (fix the bug). The one I chose was to
make btrfs_free_path() deal gracefully with NULL pointers. If you
disagree, feel free to come up with an alternative patch.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Chris Mason <chris.mason@oracle.com>
2011-01-16 11:30:20 -05:00
acl.c btrfs: Mem leak in btrfs_get_acl() 2011-01-16 11:30:19 -05:00
async-thread.c Btrfs: don't walk around with task->state != TASK_RUNNING 2010-05-25 10:34:58 -04:00
async-thread.h Btrfs: fix deadlock on async thread startup 2009-10-05 09:44:45 -04:00
btrfs_inode.h btrfs: Allow to add new compression algorithm 2010-12-22 23:15:45 +08:00
compat.h
compression.c btrfs: Extract duplicate decompress code 2010-12-22 23:15:50 +08:00
compression.h btrfs: Extract duplicate decompress code 2010-12-22 23:15:50 +08:00
ctree.c btrfs: Don't pass NULL ptr to func that may deref it. 2011-01-16 11:30:20 -05:00
ctree.h btrfs: fix wrong free space information of btrfs 2011-01-16 11:30:19 -05:00
delayed-ref.c Btrfs: Integrate metadata reservation with start_transaction 2010-05-25 10:34:50 -04:00
delayed-ref.h Btrfs: Integrate metadata reservation with start_transaction 2010-05-25 10:34:50 -04:00
dir-item.c Btrfs: Fix variables set but not read (bugs found by gcc 4.6) 2010-10-29 15:14:31 -04:00
disk-io.c btrfs: mount failure return value fix 2011-01-16 11:30:19 -05:00
disk-io.h Btrfs: use async helpers for DIO write checksumming 2010-05-25 10:34:58 -04:00
export.c Btrfs: handle NFS lookups properly 2010-11-21 22:26:08 -05:00
export.h
extent_io.c btrfs: Allow to add new compression algorithm 2010-12-22 23:15:45 +08:00
extent_io.h btrfs: Allow to add new compression algorithm 2010-12-22 23:15:45 +08:00
extent_map.c btrfs: Allow to add new compression algorithm 2010-12-22 23:15:45 +08:00
extent_map.h btrfs: Allow to add new compression algorithm 2010-12-22 23:15:45 +08:00
extent-tree.c btrfs: fix wrong free space information of btrfs 2011-01-16 11:30:19 -05:00
file-item.c Btrfs: add basic DIO read/write support 2010-05-25 10:34:57 -04:00
file.c btrfs: Allow to add new compression algorithm 2010-12-22 23:15:45 +08:00
free-space-cache.c Btrfs: deal with space cache errors better 2010-12-09 13:57:12 -05:00
free-space-cache.h Btrfs: load free space cache if it exists 2010-10-29 09:26:35 -04:00
hash.h Btrfs: remove crc32c.h and use libcrc32c directly. 2009-06-10 11:29:53 -04:00
inode-item.c Btrfs: Integrate metadata reservation with start_transaction 2010-05-25 10:34:50 -04:00
inode-map.c Btrfs: do not reuse objectid of deleted snapshot/subvol 2009-09-21 15:56:00 -04:00
inode.c Merge branch 'lzo-support' of git://repo.or.cz/linux-btrfs-devel into btrfs-38 2011-01-16 11:25:54 -05:00
ioctl.c Merge branch 'lzo-support' of git://repo.or.cz/linux-btrfs-devel into btrfs-38 2011-01-16 11:25:54 -05:00
ioctl.h Merge branch 'lzo-support' of git://repo.or.cz/linux-btrfs-devel into btrfs-38 2011-01-16 11:25:54 -05:00
Kconfig btrfs: Add lzo compression support 2010-12-22 23:15:47 +08:00
locking.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
locking.h
lzo.c btrfs: Extract duplicate decompress code 2010-12-22 23:15:50 +08:00
Makefile btrfs: Add lzo compression support 2010-12-22 23:15:47 +08:00
ordered-data.c btrfs: Allow to add new compression algorithm 2010-12-22 23:15:45 +08:00
ordered-data.h btrfs: Allow to add new compression algorithm 2010-12-22 23:15:45 +08:00
orphan.c Btrfs: fixup return code for btrfs_del_orphan_item 2010-12-09 13:57:15 -05:00
print-tree.c Btrfs: remove of redundant btrfs_header_level 2009-07-22 16:52:13 -04:00
print-tree.h
ref-cache.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ref-cache.h Btrfs: use RB_ROOT to intialize rb_trees instead of setting rb_node to NULL 2010-03-08 16:26:50 -05:00
relocation.c Btrfs: Fix variables set but not read (bugs found by gcc 4.6) 2010-10-29 15:14:31 -04:00
root-tree.c Btrfs: cleanup warnings from gcc 4.6 (nonbugs) 2010-10-29 15:14:37 -04:00
struct-funcs.c
super.c btrfs: fix wrong free space information of btrfs 2011-01-16 11:30:19 -05:00
sysfs.c Driver core: Constify struct sysfs_ops in struct kobj_type 2010-03-07 17:04:49 -08:00
transaction.c Btrfs: Add readonly snapshots support 2010-12-23 08:49:17 +08:00
transaction.h Btrfs: Add readonly snapshots support 2010-12-23 08:49:17 +08:00
tree-defrag.c Btrfs: cleanup warnings from gcc 4.6 (nonbugs) 2010-10-29 15:14:37 -04:00
tree-log.c Btrfs: use dget_parent where we can UPDATED 2010-11-21 22:26:09 -05:00
tree-log.h Btrfs: Metadata ENOSPC handling for tree log 2010-05-25 10:34:53 -04:00
version.h
version.sh
volumes.c btrfs: mount failure return value fix 2011-01-16 11:30:19 -05:00
volumes.h btrfs: fix wrong free space information of btrfs 2011-01-16 11:30:19 -05:00
xattr.c Btrfs: Add readonly snapshots support 2010-12-23 08:49:17 +08:00
xattr.h btrfs: constify xattr_handler 2010-05-21 18:31:18 -04:00
zlib.c btrfs: Extract duplicate decompress code 2010-12-22 23:15:50 +08:00