| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Jul 2019 10:11:32 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: clm@...com, josef@...icpanda.com, dsterba@...e.com
Cc: linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org,
Jia-Ju Bai <baijiaju1990@...il.com>
Subject: [PATCH] fs: btrfs: Fix a possible null-pointer dereference in insert_inline_extent()
In insert_inline_extent(), there is an if statement on line 181 to check
whether compressed_pages is NULL:
if (compressed_size && compressed_pages)
When compressed_pages is NULL, compressed_pages is used on line 215:
cpage = compressed_pages[i];
Thus, a possible null-pointer dereference may occur.
To fix this possible bug, compressed_pages is checked on line 214.
This bug is found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
---
fs/btrfs/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1af069a9a0c7..19182272fbd8 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -211,7 +211,7 @@ static int insert_inline_extent(struct btrfs_trans_handle *trans,
if (compress_type != BTRFS_COMPRESS_NONE) {
struct page *cpage;
int i = 0;
- while (compressed_size > 0) {
+ while (compressed_size > 0 && compressed_pages) {
cpage = compressed_pages[i];
cur_size = min_t(unsigned long, compressed_size,
PAGE_SIZE);
--
2.17.0
Powered by blists - more mailing lists