commit 32f123a3f342 ("udf: Fold udf_getblk() into udf_bread()"), fixes a
null-ptr-deref bug as a side effect. Backport the null-ptr-deref fixing
aspect of the aforementioned commit.
Closes: https://syzkaller.appspot.com/bug?extid=a38e34ca637c224f4a79
Signed-off-by: Jakub Acs <acsjakub@xxxxxxxxx>
---
fs/udf/inode.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/udf/inode.c b/fs/udf/inode.c
index d7d6ccd0af06..4f505a366da9 100644
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -380,6 +380,10 @@ static struct buffer_head *udf_getblk(struct inode *inode, udf_pblk_t block,
*err = udf_get_block(inode, block, &dummy, create);
if (!*err && buffer_mapped(&dummy)) {
bh = sb_getblk(inode->i_sb, dummy.b_blocknr);
+ if (!bh) {
+ *err = -ENOMEM;
+ return NULL;
+ }
if (buffer_new(&dummy)) {
lock_buffer(bh);
memset(bh->b_data, 0x00, inode->i_sb->s_blocksize);
base-commit: e4d90d63d385228b1e0bcf31cc15539bbbc28f7f
--
2.40.1
