lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 14 May 2012 17:30:23 +0900
From:	Akira Fujita <a-fujita@...jp.nec.com>
To:	Dan Carpenter <dan.carpenter@...cle.com>
CC:	linux-ext4@...r.kernel.org
Subject: Re: dereference before check in ext4_move_extents()

Hi Dan,

> fs/ext4/move_extent.c:1381 ext4_move_extents()
> 	 warn: variable dereferenced before check 'holecheck_path' (see line 1292)

Thanks for reporting.
I tried to reproduce this with Smatch and kernel 3.4-rc7,
but another compile warning turned up.

# make CHECK="/home/KERN/smatch/smatch -p=kernel" C=1 bzImage modules

<snip>

  CHECK   fs/ext4/block_validity.c
  CC      fs/ext4/block_validity.o
  CHECK   fs/ext4/move_extent.c
fs/ext4/move_extent.c:696 mext_replace_branches() warn: variable dereferenced before check 'dext' (see line 686)
  CC      fs/ext4/move_extent.o
  CHECK   fs/ext4/mmp.c

I'll fix above compile warning surely, but it's not the original
you reported. Hmm, how can I reproduce yours?

Regards,
Akira Fujita


(2012/05/14 3:43), Dan Carpenter wrote:
> Hi, going through some static checker warnings and reporting bugs.
> These were introduced a long time ago.
> 
> The patch 748de6736c1e: "ext4: online defrag -- Add EXT4_IOC_MOVE_EXT
> ioctl" from Jun 17, 2009, leads to the following Smatch complaint:
> 
> fs/ext4/move_extent.c:1381 ext4_move_extents()
> 	 warn: variable dereferenced before check 'holecheck_path' (see line 1292)
> 
> fs/ext4/move_extent.c
>    1291			ext_prev = ext_cur;
>    1292			last_extent = mext_next_extent(orig_inode, holecheck_path,
>                                                                     ^^^^^^^^^^^^^^
> Dereferenced unconditionally inside the mext_next_extent() function.
> 
>    1293							&ext_cur);
>    1294			if (last_extent<  0) {
>    1295				ret1 = last_extent;
>    1296				break;
>    1297			}
> 
> 	[snip]
> 
>    1376			double_down_write_data_sem(orig_inode, donor_inode);
>    1377			if (ret1<  0)
>    1378				break;
>    1379	
>    1380			/* Decrease buffer counter */
>    1381			if (holecheck_path)
>                              ^^^^^^^^^^^^^^
> Checked here.
> 
>    1382				ext4_ext_drop_refs(holecheck_path);
>    1383			ret1 = get_ext_path(orig_inode, seq_start,&holecheck_path);
> 
> regards,
> dan carpenter
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ