Re: fs/xfs/xfs_vnodeops.c:xfs_readdir(): NULL variable dereferenced

From: David Chinner
Date: Thu Jul 06 2006 - 19:31:58 EST


On Thu, Jul 06, 2006 at 11:13:20PM +0200, Adrian Bunk wrote:
> The Coverity checker spotted the following:
>
> <-- snip -->
>
> ...
> STATIC int
> xfs_readdir(
>         bhv_desc_t      *dir_bdp,
>         uio_t           *uiop,
>         cred_t          *credp,
>         int             *eofp)
> {
>         xfs_inode_t     *dp;
>         xfs_trans_t     *tp = NULL;
>         int             error = 0;
>         uint            lock_mode;
>
>         vn_trace_entry(BHV_TO_VNODE(dir_bdp), __FUNCTION__,
>                        (inst_t *)__return_address);
>         dp = XFS_BHVTOI(dir_bdp);
>
>         if (XFS_FORCED_SHUTDOWN(dp->i_mount))
>                 return XFS_ERROR(EIO);
>
>         lock_mode = xfs_ilock_map_shared(dp);
>         error = xfs_dir_getdents(tp, dp, uiop, eofp);
>         xfs_iunlock_map_shared(dp, lock_mode);
>         return error;
> }
> ...
>
> <-- snip -->
>
> Note that tp is never assigned any value other than NULL (and the
> Coverity checker found a way how tp might be dereferenced four function
> calls later).

Then the bug is probably in the function call that uses tp without
first checking whether it's null. Can you tell us where that dereference
occurs?

Cheers,

Dave.

--
Dave Chinner
Principal Engineer
SGI Australian Software Group