From: Kautuk Consul <consul.kautuk@xxxxxxxxx> If the swapfile type encoded within entry.val is corrupted in such a way that the swap_info[type] == NULL, then the code in swap_info_get will cause a NULL pointer exception. Assuming that the code in swap_info_get attempts to validate the swapfile type by checking its range, another bad_nofile check would be to check for check whether the swap_info[type] pointer is NULL. Adding a NULL check for swap_info[type] to be reagrded as a "bad_nofile" error scenario. Signed-off-by: Kautuk Consul <consul.kautuk@xxxxxxxxx> --- mm/swapfile.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/mm/swapfile.c b/mm/swapfile.c index b1cd120..7bdbe91 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -483,6 +483,8 @@ static struct swap_info_struct *swap_info_get(swp_entry_t entry) if (type >= nr_swapfiles) goto bad_nofile; p = swap_info[type]; + if (!p) + goto bad_nofile; if (!(p->flags & SWP_USED)) goto bad_device; offset = swp_offset(entry); -- 1.7.6 -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>