[PATCH] fs: btrfs: Prevent error pointer dereference in list_subvolums()
Marek Behún
kabel at kernel.org
Tue Aug 1 11:05:11 CEST 2023
On Wed, 26 Jul 2023 09:59:04 +0300
Dan Carpenter <dan.carpenter at linaro.org> wrote:
> If btrfs_read_fs_root() fails with -ENOENT, then we go to the next
> entry. Fine. But if it fails for a different reason then we need
> to clean up and return an error code. In the current code it
> doesn't clean up but instead dereferences "root" and crashes.
>
> Signed-off-by: Dan Carpenter <dan.carpenter at linaro.org>
> ---
> I didn't CC the btrfs mailing list. Perhaps, I should have?
>
> fs/btrfs/subvolume.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/fs/btrfs/subvolume.c b/fs/btrfs/subvolume.c
> index d446e7a2c418..68ca7e48e48e 100644
> --- a/fs/btrfs/subvolume.c
> +++ b/fs/btrfs/subvolume.c
> @@ -199,6 +199,7 @@ static int list_subvolums(struct btrfs_fs_info *fs_info)
> ret = PTR_ERR(root);
> if (ret == -ENOENT)
> goto next;
> + goto out;
> }
> ret = list_one_subvol(root, result);
> if (ret < 0)
Reviewed-by: Marek Behún <kabel at kernel.org>
nice catch :) Dan, I always wanted to ask, since I've seen many such
"nice catches" over different subsystems from you. Do you write some
tools to find these? Or do you use coccinelle, or something?
Marek
More information about the U-Boot
mailing list