'bhs' is an un-initialized pointer. If 'groups_per_page' == 1, 'bh' is assigned its address. Then, in the for loop below, if we early exit, either because "group >= ngroups" or if ext4_get_group_info() fails, then it is still left un-initialized. It can then be used. NULL tests could fail and lead to unexpected behavior. Also, should the error handling path be called, brelse() would be passed a potentially invalid value. Better safe than sorry, just make sure it is correctly initialized to NULL. Fixes: c9de560ded61 ("ext4: Add multi block allocator for ext4") Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx> --- Compile tested only. The scenario looks possible, but I don't know if it can really happen... --- fs/ext4/mballoc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index b25a27c86696..ff9a124f439b 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1285,7 +1285,7 @@ static int ext4_mb_init_cache(struct folio *folio, char *incore, gfp_t gfp) ext4_group_t first_group, group; int first_block; struct super_block *sb; - struct buffer_head *bhs; + struct buffer_head *bhs = NULL; struct buffer_head **bh = NULL; struct inode *inode; char *data; -- 2.47.1
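Review bot: the changed declaration `struct buffer_head *bhs = NULL;` in ext4_mb_init_cache() is consistent with the adjacent `struct buffer_head **bh = NULL;`, but the changelog carries a Fixes: tag while the note under the `---` says the patch is compile tested only and that it is unknown whether the scenario can really happen. Before this is treated as a stable-worthy fix, the changelog should say whether the first loop iteration can actually exit early when 'groups_per_page' == 1 (that is, "group >= ngroups" or ext4_get_group_info() failing for the first group), since that is the only case described where 'bhs' is read before being written. If that cannot be shown, describe the change as hardening and consider dropping the Fixes: tag. It would also help to name the later NULL test and the brelse() call in the error path that consume the value, since neither is visible in this hunk.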