projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: faa0088)
btrfs: check correct variable after allocation in btrfs_backref_iter_alloc
authorBoleyn Su <boleynsu@google.com>
Thu, 6 Aug 2020 06:31:44 +0000 (15:31 +0900)
committerDavid Sterba <dsterba@suse.com>
Mon, 10 Aug 2020 17:50:54 +0000 (19:50 +0200)
The `if (!ret)` check will always be false and it may result in
ret->path being dereferenced while it is a NULL pointer.

Fixes: a37f232b7b65 ("btrfs: backref: introduce the skeleton of btrfs_backref_iter")
CC: stable@vger.kernel.org # 5.8+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Boleyn Su <boleynsu@google.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
fs/btrfs/backref.c patch | blob | history

diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c
index ea10f7b..ea1c28c 100644 (file)
--- a/fs/btrfs/backref.c
+++ b/fs/btrfs/backref.c
@@ -2303,7 +2303,7 @@ struct btrfs_backref_iter *btrfs_backref_iter_alloc(
                return NULL;
 
        ret->path = btrfs_alloc_path();
-       if (!ret) {
+       if (!ret->path) {
                kfree(ret);
                return NULL;
        }