Hi Kangjie,
On Thu, Mar 14, 2019 at 8:47 AM Kangjie Lu <kjlu@xxxxxxx> wrote:
> If affs_bread fails, do not use ext_bh to avoid NULL pointer
> dereference
>
> Signed-off-by: Kangjie Lu <kjlu@xxxxxxx>
Thanks for your patch!
> --- a/fs/affs/file.c
> +++ b/fs/affs/file.c
> @@ -835,7 +835,7 @@ void
> affs_truncate(struct inode *inode)
> {
> struct super_block *sb = inode->i_sb;
> - u32 ext, ext_key;
> + u32 ext, ext_key, ext_bk;
Why adding an intermediate variable (without __be32 tag)?
> u32 last_blk, blkcnt, blk;
> u32 size;
> struct buffer_head *ext_bh;
> @@ -941,8 +941,12 @@ affs_truncate(struct inode *inode)
> size = AFFS_SB(sb)->s_hashsize;
> if (size > blkcnt - blk)
> size = blkcnt - blk;
> - for (i = 0; i < size; i++, blk++)
> - affs_free_block(sb, be32_to_cpu(AFFS_BLOCK(sb, ext_bh, i)));
> + if (ext_bh) {
> + for (i = 0; i < size; i++, blk++) {
> + ext_bk = AFFS_BLOCK(sb, ext_bh, i);
> + affs_free_block(sb, be32_to_cpu(ext_bk));
> + }
Now this ignores all errors, silently.
What about handling actual errors, and propagating them up?
> + }
> affs_free_block(sb, ext_key);
> ext_key = be32_to_cpu(AFFS_TAIL(sb, ext_bh)->extension);
> affs_brelse(ext_bh);
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
