[patch 3/3] btrfs: dereferencing freed memory
From: Dan Carpenter
Date: Sat Mar 20 2010 - 07:25:05 EST
The original code dereferenced range on the next line.
Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index be9b5df..d7ab56c 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -1378,6 +1378,7 @@ static int btrfs_ioctl_defrag(struct file *file, void __user *argp)
sizeof(*range))) {
ret = -EFAULT;
kfree(range);
+ goto out;
}
/* compression requires us to start the IO */
if ((range->flags & BTRFS_DEFRAG_RANGE_COMPRESS)) {
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/