| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <797feb23-f8c8-4ce7-b25c-b4f591be1387@moroto.mountain>
Date: Thu, 10 Aug 2023 13:31:16 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: yi.zhang@...wei.com
Cc: linux-ext4@...r.kernel.org
Subject: [bug report] ext4: convert symlink external data block mapping to
bdev
Hello Zhang Yi,
The patch 6493792d3299: "ext4: convert symlink external data block
mapping to bdev" from Apr 24, 2022 (linux-next), leads to the
following Smatch static checker warning:
fs/ext4/namei.c:3353 ext4_init_symlink_block()
error: potential NULL/IS_ERR bug 'bh'
fs/ext4/namei.c
3337 static int ext4_init_symlink_block(handle_t *handle, struct inode *inode,
3338 struct fscrypt_str *disk_link)
3339 {
3340 struct buffer_head *bh;
3341 char *kaddr;
3342 int err = 0;
3343
3344 bh = ext4_bread(handle, inode, 0, EXT4_GET_BLOCKS_CREATE);
3345 if (IS_ERR(bh))
3346 return PTR_ERR(bh);
>From reading the code, it looks like ext4_bread() can return both error
pointers and NULL. (Second return statement).
3347
3348 BUFFER_TRACE(bh, "get_write_access");
3349 err = ext4_journal_get_write_access(handle, inode->i_sb, bh, EXT4_JTR_NONE);
3350 if (err)
3351 goto out;
3352
--> 3353 kaddr = (char *)bh->b_data;
^^^^
Unchecked dereference
3354 memcpy(kaddr, disk_link->name, disk_link->len);
3355 inode->i_size = disk_link->len - 1;
3356 EXT4_I(inode)->i_disksize = inode->i_size;
3357 err = ext4_handle_dirty_metadata(handle, inode, bh);
3358 out:
3359 brelse(bh);
3360 return err;
3361 }
regards,
dan carpenter
Powered by blists - more mailing lists