lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1408526378-12972-1-git-send-email-colin.king@canonical.com>
Date:	Wed, 20 Aug 2014 10:19:38 +0100
From:	Colin King <colin.king@...onical.com>
To:	Artem Bityutskiy <dedekind1@...il.com>,
	David Woodhouse <dwmw2@...radead.org>,
	Brian Norris <computersforpeace@...il.com>,
	linux-mtd@...ts.infradead.org
Cc:	ezequiel.garcia@...e-electrons.com, linux-kernel@...r.kernel.org
Subject: [PATCH][V2] UBI: block: fix dereference on uninitialized dev

From: Colin Ian King <colin.king@...onical.com>

commit 4df38926f337 ("UBI: block: Avoid disk size integer overflow")
introduced a dereference on dev (which is not initialized at that
point) when printing a warning message.  Re-order disk_capacity check
after the dev is found.

Found by cppcheck:
 [drivers/mtd/ubi/block.c:509]: (error) Uninitialized variable: dev

Signed-off-by: Colin Ian King <colin.king@...onical.com>
---
 drivers/mtd/ubi/block.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/drivers/mtd/ubi/block.c b/drivers/mtd/ubi/block.c
index 33c6495..7a9805a 100644
--- a/drivers/mtd/ubi/block.c
+++ b/drivers/mtd/ubi/block.c
@@ -504,11 +504,6 @@ static int ubiblock_resize(struct ubi_volume_info *vi)
 	struct ubiblock *dev;
 	u64 disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9;
 
-	if ((sector_t)disk_capacity != disk_capacity) {
-		ubi_warn("%s: the volume is too big, cannot resize (%d LEBs)",
-			 dev->gd->disk_name, vi->size);
-		return -EFBIG;
-	}
 	/*
 	 * Need to lock the device list until we stop using the device,
 	 * otherwise the device struct might get released in
@@ -520,6 +515,12 @@ static int ubiblock_resize(struct ubi_volume_info *vi)
 		mutex_unlock(&devices_mutex);
 		return -ENODEV;
 	}
+	if ((sector_t)disk_capacity != disk_capacity) {
+		mutex_unlock(&devices_mutex);
+		ubi_warn("%s: the volume is too big, cannot resize (%d LEBs)",
+			dev->gd->disk_name, vi->size);
+		return -EFBIG;
+	}
 
 	mutex_lock(&dev->dev_mutex);
 	set_capacity(dev->gd, disk_capacity);
-- 
2.1.0

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ