On Fri, Sep 02, 2022 at 01:48:21PM -0700, Darrick J. Wong wrote:
> On Fri, Sep 02, 2022 at 03:43:39PM +0200, Carlos Maiolino wrote:
> > From: Carlos Maiolino <cmaiolino@xxxxxxxxxx>
> >
> > Add proper exit error paths to avoid checking all pointers at the current path
> >
> > Fixes-coverity-id: 1512651
> >
> > Signed-off-by: Carlos Maiolino <cmaiolino@xxxxxxxxxx>
> > ---
> > repair/rmap.c | 23 +++++++++++------------
> > 1 file changed, 11 insertions(+), 12 deletions(-)
> >
> > diff --git a/repair/rmap.c b/repair/rmap.c
> > index a7c4b25b1..0253c0c36 100644
> > --- a/repair/rmap.c
> > +++ b/repair/rmap.c
> > @@ -1377,7 +1377,7 @@ check_refcounts(
> > if (error) {
> > do_warn(_("Could not read AGF %u to check refcount btree.\n"),
> > agno);
> > - goto err;
> > + goto err_agf;
>
> Shouldn't this ^^^^^^^ be err_pag, since we're erroring out and
> releasing the perag group reference?
At first I named it err_pag, but pag is used here only to read the agf, and when
reading agf fail is why we end up reaching this error path, so I thought it
would be more specific to name it err_agf.
>
> Also ... don't the "if (XXX) free(XXX)" bits take care of all this?
>
Yeah, it does. But that's exactly what coverity is complaining about. We check
for a NULL pointer 'after' we dereference it earlier, to be more specific:
---
Type: Dereference before NULL check
Null-checking pag suggests that it may be null, but it has already been
dereferenced on all paths leading to the check
---
Both patches fix the same issue type.
> (I can't access Coverity any more, so I don't know what's in the
> report.)
>
> --D
>
> > }
> >
> > /* Leave the per-ag data "uninitialized" since we rewrite it later */
> > @@ -1386,7 +1386,7 @@ check_refcounts(
> > bt_cur = libxfs_refcountbt_init_cursor(mp, NULL, agbp, pag);
> > if (!bt_cur) {
> > do_warn(_("Not enough memory to check refcount data.\n"));
> > - goto err;
> > + goto err_bt_cur;
> > }
> >
> > rl_rec = pop_slab_cursor(rl_cur);
> > @@ -1398,7 +1398,7 @@ check_refcounts(
> > do_warn(
> > _("Could not read reference count record for (%u/%u).\n"),
> > agno, rl_rec->rc_startblock);
> > - goto err;
> > + goto err_loop;
> > }
> > if (!have) {
> > do_warn(
> > @@ -1413,7 +1413,7 @@ _("Missing reference count record for (%u/%u) len %u count %u\n"),
> > do_warn(
> > _("Could not read reference count record for (%u/%u).\n"),
> > agno, rl_rec->rc_startblock);
> > - goto err;
> > + goto err_loop;
> > }
> > if (!i) {
> > do_warn(
> > @@ -1436,14 +1436,13 @@ next_loop:
> > rl_rec = pop_slab_cursor(rl_cur);
> > }
> >
> > -err:
> > - if (bt_cur)
> > - libxfs_btree_del_cursor(bt_cur, error ? XFS_BTREE_ERROR :
> > - XFS_BTREE_NOERROR);
> > - if (pag)
> > - libxfs_perag_put(pag);
> > - if (agbp)
> > - libxfs_buf_relse(agbp);
> > +err_loop:
> > + libxfs_btree_del_cursor(bt_cur, error ?
> > + XFS_BTREE_ERROR : XFS_BTREE_NOERROR);
> > +err_bt_cur:
> > + libxfs_buf_relse(agbp);
> > +err_agf:
> > + libxfs_perag_put(pag);
> > free_slab_cursor(&rl_cur);
> > }
> >
> >
--
Carlos Maiolino
