On Thu, Jun 19, 2008 at 03:54:27PM +0800, Shen Feng wrote:
>
> In ext4_ext_insert_extent, when path is assigned by
> npath, there is a memory leak and then path points to
> a freed memory after the function returns becasue
> npath and path point to the same memory address
> and npath is freed.
NACK. The refs are dropped and path freed in the caller.
For example look at ext4_ext_get_blocks we drop the path reference
at
2741 out2:
2742 if (path) {
2743 ext4_ext_drop_refs(path);
2744 kfree(path);
2745 }
in ext4_ext_insert_extent we use npath as a local variable
and is freed toward the end.
>
> Signed-off-by: Shen Feng <shen@xxxxxxxxxxxxxx>
> ---
> fs/ext4/extents.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
> index 3f6be32..71a56f1 100644
> --- a/fs/ext4/extents.c
> +++ b/fs/ext4/extents.c
> @@ -1497,6 +1497,8 @@ repeat:
> if (le16_to_cpu(eh->eh_entries) < le16_to_cpu(eh->eh_max)) {
> ext_debug("next leaf isnt full(%d)\n",
> le16_to_cpu(eh->eh_entries));
> + ext4_ext_drop_refs(path);
> + kfree(path);
> path = npath;
> goto repeat;
> }
> @@ -1578,7 +1580,7 @@ merge:
> err = ext4_ext_dirty(handle, inode, path + depth);
>
> cleanup:
> - if (npath) {
> + if (npath && npath != path) {
> ext4_ext_drop_refs(npath);
> kfree(npath);
> }
> --
> 1.5.5.1
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
