On Fri, 2018-06-29 at 15:34 -0300, Ernesto A. Fernández wrote: > The hfs_find_exit() function expects fd->bnode to be NULL after a > search has failed. The hfs_brec_insert() function may instead set > it to an error-valued pointer. Fix this to prevent a crash. > > Reported-by: Anatoly Trosinenko <anatoly.trosinenko@xxxxxxxxx> > Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@xxxxxxxxx> > --- > fs/hfsplus/brec.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/fs/hfsplus/brec.c b/fs/hfsplus/brec.c > index 808f4d8c859c..ed8eacb34452 100644 > --- a/fs/hfsplus/brec.c > +++ b/fs/hfsplus/brec.c > @@ -73,9 +73,10 @@ int hfs_brec_insert(struct hfs_find_data *fd, void *entry, int entry_len) > if (!fd->bnode) { > if (!tree->root) > hfs_btree_inc_height(tree); > - fd->bnode = hfs_bnode_find(tree, tree->leaf_head); > - if (IS_ERR(fd->bnode)) > - return PTR_ERR(fd->bnode); Are you sure that no caller uses this error code? Did you check this? Maybe it makes sense to extract the error code and to show the error message on the caller side instead of processing the simple NULL? Thanks, Vyacheslav Dubeyko. > + node = hfs_bnode_find(tree, tree->leaf_head); > + if (IS_ERR(node)) > + return PTR_ERR(node); > + fd->bnode = node; > fd->record = -1; > } > new_node = NULL;
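Review bot: In the `if (!fd->bnode)` block of hfs_brec_insert(), the reason for routing the lookup through the local `node` is recorded only in the commit message. A one-line comment above `node = hfs_bnode_find(tree, tree->leaf_head);` stating that fd->bnode must stay NULL on failure because hfs_find_exit() expects that would keep a later cleanup from folding the assignment back into `fd->bnode = hfs_bnode_find(...)`. The value returned on the error path is still `PTR_ERR()` of the hfs_bnode_find() result, so callers receive the same error code as before; only the state left in fd->bnode differs, and saying so in the commit message would help. The hunk shows no declaration of `node`, and the diffstat (4 insertions, 3 deletions) matches the visible lines, so the change relies on an existing local; it is worth confirming that `node` holds nothing live at this point in the function.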