On Thu, Dec 31, 2020 at 06:23:53PM +0300, Konstantin Komarov wrote:
> diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
> +void fnd_clear(struct ntfs_fnd *fnd)
> +{
> + int i;
> +
> + for (i = 0; i < fnd->level; i++) {
> + struct indx_node *n = fnd->nodes[i];
> +
> + if (!n)
> + continue;
> +
> + put_indx_node(n);
> + fnd->nodes[i] = NULL;
> + }
> + fnd->level = 0;
> + fnd->root_de = NULL;
> +}
> +
> +static int fnd_push(struct ntfs_fnd *fnd, struct indx_node *n,
> + struct NTFS_DE *e)
> +{
> + int i;
> +
> + i = fnd->level;
> + if (i < 0 || i >= ARRAY_SIZE(fnd->nodes))
> + return -EINVAL;
> + fnd->nodes[i] = n;
> + fnd->de[i] = e;
> + fnd->level += 1;
> + return 0;
> +}
> +
> +static struct indx_node *fnd_pop(struct ntfs_fnd *fnd)
> +{
> + struct indx_node *n;
> + int i = fnd->level;
> +
> + i -= 1;
> + n = fnd->nodes[i];
> + fnd->nodes[i] = NULL;
> + fnd->level = i;
> +
> + return n;
> +}
> +
> +static bool fnd_is_empty(struct ntfs_fnd *fnd)
> +{
> + if (!fnd->level)
> + return !fnd->root_de;
> +
> + return !fnd->de[fnd->level - 1];
> +}
> +
> +struct ntfs_fnd *fnd_get(struct ntfs_index *indx)
> +{
> + struct ntfs_fnd *fnd = ntfs_alloc(sizeof(struct ntfs_fnd), 1);
> +
> + if (!fnd)
> + return NULL;
> +
> + return fnd;
> +}
This should be initilized. What about that indx. Is that neccasarry?
Also no need to check NULL because if it is NULL we can just return it.
> +
> +void fnd_put(struct ntfs_fnd *fnd)
> +{
> + if (!fnd)
> + return;
> + fnd_clear(fnd);
> + ntfs_free(fnd);
> +}
> +/*
> + * indx_insert_entry
> + *
> + * inserts new entry into index
> + */
> +int indx_insert_entry(struct ntfs_index *indx, struct ntfs_inode *ni,
> + const struct NTFS_DE *new_de, const void *ctx,
> + struct ntfs_fnd *fnd)
> +{
> + int err;
> + int diff;
> + struct NTFS_DE *e;
> + struct ntfs_fnd *fnd_a = NULL;
> + struct INDEX_ROOT *root;
> +
> + if (!fnd) {
> + fnd_a = fnd_get(indx);
Here we get uninitilized fnd.
> + if (!fnd_a) {
> + err = -ENOMEM;
> + goto out1;
> + }
> + fnd = fnd_a;
> + }
> +
> + root = indx_get_root(indx, ni, NULL, NULL);
> + if (!root) {
> + err = -EINVAL;
> + goto out;
> + }
> +
> + if (fnd_is_empty(fnd)) {
And example here we try to touch it.
> + /* Find the spot the tree where we want to insert the new entry. */
> + err = indx_find(indx, ni, root, new_de + 1,
> + le16_to_cpu(new_de->key_size), ctx, &diff, &e,
> + fnd);
> + if (err)
> + goto out;
> +
> + if (!diff) {
> + err = -EEXIST;
> + goto out;
> + }
> + }
> +
> + if (!fnd->level) {
> + /* The root is also a leaf, so we'll insert the new entry into it. */
> + err = indx_insert_into_root(indx, ni, new_de, fnd->root_de, ctx,
> + fnd);
> + if (err)
> + goto out;
> + } else {
> + /* found a leaf buffer, so we'll insert the new entry into it.*/
> + err = indx_insert_into_buffer(indx, ni, root, new_de, ctx,
> + fnd->level - 1, fnd);
> + if (err)
> + goto out;
> + }
> +
> +out:
> + fnd_put(fnd_a);
> +out1:
> + return err;
> +}
