In the event that hfs_brec_keylen() fails, an error is returned to the caller of __hfs_brec_find() and the struct hfs_find_data is not initialized. The result needs to be checked before attempting to read any fields from fd. Reported-by: syzbot+5ce571007a695806e949@xxxxxxxxxxxxxxxxxxxxxxxxx Closes: https://syzkaller.appspot.com/bug?extid=5ce571007a695806e949 Signed-off-by: Jeremy Cline <jeremy@xxxxxxxxxx> --- fs/hfs/bfind.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/hfs/bfind.c b/fs/hfs/bfind.c index ef9498a6e88a..f225c78a9e66 100644 --- a/fs/hfs/bfind.c +++ b/fs/hfs/bfind.c @@ -136,6 +136,8 @@ int hfs_brec_find(struct hfs_find_data *fd) bnode->parent = parent; res = __hfs_brec_find(bnode, fd); + if (res < 0) + goto release; if (!height) break; if (fd->record < 0) -- 2.41.0
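Review bot: the new check `if (res < 0) goto release;` bails on every negative return from __hfs_brec_find(), but the commit message only describes the hfs_brec_keylen() failure, where fd is left uninitialized. Please confirm that __hfs_brec_find() never uses a negative return for an ordinary "key not found" result in an index node: the surrounding loop relies on continuing past __hfs_brec_find() (and past the `if (fd->record < 0)` check) to descend into the child node, so a not-found code that is also negative would now abort the descent instead of following it. If it does, the condition should test for the specific hard-error code (or __hfs_brec_find() should signal the keylen failure distinctly) rather than `res < 0`. Also worth stating in the commit message that the `release` label drops the bnode reference taken by hfs_bnode_find() on this new early-exit path, since the label is outside the hunk and a reader cannot see that the node is not leaked.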