On Mon, Sep 25, 2023 at 7:52 AM Su Hui <suhui@xxxxxxxxxxxx> wrote:
>
> smatch warn:
> fs/overlayfs/copy_up.c:450 ovl_set_origin() warn:
> variable dereferenced before check 'fh' (see line 449)
>
> If 'fh' is NULL, passing NULL instead of 'fh->buf'.
>
> Signed-off-by: Su Hui <suhui@xxxxxxxxxxxx>
> ---
> fs/overlayfs/copy_up.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
> index d1761ec5866a..086f9176b4d4 100644
> --- a/fs/overlayfs/copy_up.c
> +++ b/fs/overlayfs/copy_up.c
> @@ -446,7 +446,7 @@ int ovl_set_origin(struct ovl_fs *ofs, struct dentry *lower,
> /*
> * Do not fail when upper doesn't support xattrs.
> */
> - err = ovl_check_setxattr(ofs, upper, OVL_XATTR_ORIGIN, fh->buf,
> + err = ovl_check_setxattr(ofs, upper, OVL_XATTR_ORIGIN, fh ? fh->buf : NULL,
> fh ? fh->fb.len : 0, 0);
> kfree(fh);
>
> --
> 2.30.2

After discussing this with Dan Carpenter, this is not a kernel bug,
it is a smatch bug.
The value being passed to setxattr is (void *)OVL_FH_FID_OFFSET,
which is just as arbitrary as NULL when size is 0.

Thanks,
Amir.
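Review bot: the commit message claims a NULL dereference that the `-` line in this hunk does not perform: `fh->buf` is only used to form the buffer address (as the reply above notes, it evaluates to `(void *)OVL_FH_FID_OFFSET` when `fh` is NULL rather than loading through `fh`), and the unchanged context line `fh ? fh->fb.len : 0, 0);` already passes a size of 0 in that case, so `ovl_check_setxattr` is never handed a non-zero length with a bogus pointer. The `+` line is harmless and arguably clearer than passing an arbitrary offset, but if it is kept the message should describe it as silencing a smatch false positive, not as fixing a dereference, so that nobody reading the log later treats the pre-patch code as a crash on the `fh == NULL` path.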