Re: [PATCH] btrfs: fix a NULL pointer dereference

From: Qu Wenruo
Date: Thu Mar 14 2019 - 04:00:04 EST

Next message: Qu Wenruo: "Re: [PATCH] btrfs: fix a NULL pointer dereference"
Previous message: Akash Gajjar: "[PATCH 0/2] add gpu node support on rock960 and rockpi4"
In reply to: Josef Bacik: "Re: [PATCH] btrfs: fix a NULL pointer dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2019/3/14 äå3:50, Kangjie Lu wrote:
> btrfs_lookup_block_group may fail and return NULL. The fix goes
> to out when it fails to avoid NULL pointer dereference.
>
> Signed-off-by: Kangjie Lu <kjlu@xxxxxxx>
> ---
> fs/btrfs/extent-tree.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
> index 994f0cc41799..b1e7985bcb9d 100644
> --- a/fs/btrfs/extent-tree.c
> +++ b/fs/btrfs/extent-tree.c
> @@ -7303,6 +7303,8 @@ void btrfs_free_tree_block(struct btrfs_trans_handle *trans,
>
> pin = 0;
> cache = btrfs_lookup_block_group(fs_info, buf->start);
> + if (!cache)
> + goto out;

The check itself is OK.

Reviewed-by: Qu Wenruo <wqu@xxxxxxxx>

The problem is, here we're freeing a tree block, if there is no block
group for it, we shouldn't be able to read the extent buffer out.

So it's near impossible to hit. (Unless there is some other things wrong)

Thanks,
Qu

>
> if (btrfs_header_flag(buf, BTRFS_HEADER_FLAG_WRITTEN)) {
> pin_down_extent(fs_info, cache, buf->start,
>

Attachment: signature.asc
Description: OpenPGP digital signature

Next message: Qu Wenruo: "Re: [PATCH] btrfs: fix a NULL pointer dereference"
Previous message: Akash Gajjar: "[PATCH 0/2] add gpu node support on rock960 and rockpi4"
In reply to: Josef Bacik: "Re: [PATCH] btrfs: fix a NULL pointer dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]