
btrfs: backref: this patch fixes a null pointer dereference bug.

Message ID 20200806063144.2119712-1-boleynsu@google.com (mailing list archive)
State New, archived
Series btrfs: backref: this patch fixes a null pointer dereference bug.

Commit Message

Boleyn Su Aug. 6, 2020, 6:31 a.m. UTC
The `if (!ret)` check will always be false and it may result in ret->path
being dereferenced while it is a null pointer.

Fixes: a37f232b7b65 ("btrfs: backref: introduce the skeleton of btrfs_backref_iter")
Cc: Chris Mason <clm@fb.com>
Cc: Josef Bacik <josef@toxicpanda.com>
Cc: David Sterba <dsterba@suse.com>
Cc: Boleyn Su <boleyn.su@gmail.com>
Cc: linux-btrfs@vger.kernel.org
Signed-off-by: Boleyn Su <boleynsu@google.com>
---
 fs/btrfs/backref.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Nikolay Borisov Aug. 6, 2020, 6:45 a.m. UTC | #1
On 6.08.20 at 9:31, Boleyn Su wrote:
> The `if (!ret)` check will always be false and it may result in ret->path
> being dereferenced while it is a null pointer.
> 
> Fixes: a37f232b7b65 ("btrfs: backref: introduce the skeleton of btrfs_backref_iter")
> Cc: Chris Mason <clm@fb.com>
> Cc: Josef Bacik <josef@toxicpanda.com>
> Cc: David Sterba <dsterba@suse.com>
> Cc: Boleyn Su <boleyn.su@gmail.com>
> Cc: linux-btrfs@vger.kernel.org
> Signed-off-by: Boleyn Su <boleynsu@google.com>

Reviewed-by: Nikolay Borisov <nborisov@suse.com>

> ---
>  fs/btrfs/backref.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c
> index ea10f7bc9..ea1c28ccb 100644
> --- a/fs/btrfs/backref.c
> +++ b/fs/btrfs/backref.c
> @@ -2303,7 +2303,7 @@ struct btrfs_backref_iter *btrfs_backref_iter_alloc(
>  		return NULL;
>  
>  	ret->path = btrfs_alloc_path();
> -	if (!ret) {
> +	if (!ret->path) {
>  		kfree(ret);
>  		return NULL;
>  	}
>
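Review bot: The failure branch under `if (!ret->path) {` returns NULL exactly as the earlier `return NULL;` context line does, so a caller cannot tell which allocation failed and has to treat any NULL from btrfs_backref_iter_alloc() as an allocation failure. It is worth confirming in the changelog that the callers check the returned iterator for NULL, since with the old `if (!ret)` test a failed btrfs_alloc_path() did not take this branch and the function carried on with a NULL ret->path.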
Qu Wenruo Aug. 6, 2020, 7:03 a.m. UTC | #2
On 2020/8/6 2:31 PM, Boleyn Su wrote:
> The `if (!ret)` check will always be false and it may result in ret->path
> being dereferenced while it is a null pointer.
> 
> Fixes: a37f232b7b65 ("btrfs: backref: introduce the skeleton of btrfs_backref_iter")
> Cc: Chris Mason <clm@fb.com>
> Cc: Josef Bacik <josef@toxicpanda.com>
> Cc: David Sterba <dsterba@suse.com>
> Cc: Boleyn Su <boleyn.su@gmail.com>
> Cc: linux-btrfs@vger.kernel.org
> Signed-off-by: Boleyn Su <boleynsu@google.com>

Nice catch.

Reviewed-by: Qu Wenruo <wqu@suse.com>

Thanks,
Qu
> ---
>  fs/btrfs/backref.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c
> index ea10f7bc9..ea1c28ccb 100644
> --- a/fs/btrfs/backref.c
> +++ b/fs/btrfs/backref.c
> @@ -2303,7 +2303,7 @@ struct btrfs_backref_iter *btrfs_backref_iter_alloc(
>  		return NULL;
>  
>  	ret->path = btrfs_alloc_path();
> -	if (!ret) {
> +	if (!ret->path) {
>  		kfree(ret);
>  		return NULL;
>  	}
>
Qu Wenruo Aug. 7, 2020, 5:40 a.m. UTC | #3
On 2020/8/7 11:34 AM, Boleyn Su wrote:
> Thanks for the review. BTW, do I need to do anything else or just leave
> it to you?
>

If you mean adding the extra reviewed-by tags, no. It's handled by the
awesome maintainer David.

But if you mean to find more btrfs bugs, then keep up your awesome work!

Thanks,
Qu

> On Thu, Aug 6, 2020 at 4:04 PM Qu Wenruo <quwenruo.btrfs@gmx.com> wrote:
> 
>     On 2020/8/6 2:31 PM, Boleyn Su wrote:
>     > The `if (!ret)` check will always be false and it may result in ret->path
>     > being dereferenced while it is a null pointer.
>     >
>     > Fixes: a37f232b7b65 ("btrfs: backref: introduce the skeleton of btrfs_backref_iter")
>     > Cc: Chris Mason <clm@fb.com>
>     > Cc: Josef Bacik <josef@toxicpanda.com>
>     > Cc: David Sterba <dsterba@suse.com>
>     > Cc: Boleyn Su <boleyn.su@gmail.com>
>     > Cc: linux-btrfs@vger.kernel.org
>     > Signed-off-by: Boleyn Su <boleynsu@google.com>
> 
>     Nice catch.
> 
>     Reviewed-by: Qu Wenruo <wqu@suse.com>
> 
>     Thanks,
>     Qu
>     > ---
>     >  fs/btrfs/backref.c | 2 +-
>     >  1 file changed, 1 insertion(+), 1 deletion(-)
>     >
>     > diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c
>     > index ea10f7bc9..ea1c28ccb 100644
>     > --- a/fs/btrfs/backref.c
>     > +++ b/fs/btrfs/backref.c
>     > @@ -2303,7 +2303,7 @@ struct btrfs_backref_iter
>     *btrfs_backref_iter_alloc(
>     >               return NULL;
>     > 
>     >       ret->path = btrfs_alloc_path();
>     > -     if (!ret) {
>     > +     if (!ret->path) {
>     >               kfree(ret);
>     >               return NULL;
>     >       }
>     >
> 
> 
> 
> -- 
> Boleyn Su (simplified Chinese: 苏蕉; traditional Chinese: 蘇蕉; Pinyin:
> Sū Jiāo; Katakana: スージャオ)
> 
> My PGP public key is available at boleyn.su/pgp <https://boleyn.su/pgp>.

Patch

diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c
index ea10f7bc9..ea1c28ccb 100644
--- a/fs/btrfs/backref.c
+++ b/fs/btrfs/backref.c
@@ -2303,7 +2303,7 @@  struct btrfs_backref_iter *btrfs_backref_iter_alloc(
 		return NULL;
 
 	ret->path = btrfs_alloc_path();
-	if (!ret) {
+	if (!ret->path) {
 		kfree(ret);
 		return NULL;
 	}
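
Review bot: The changelog should say why the `if (!ret)` test removed at the `-` line was dead code: ret has already been tested by the `return NULL;` context line just above, so the only pointer that can still be NULL here is the `ret->path` assigned on the line before the check. Stating that, and rewording the subject in the imperative without the trailing period (for example "btrfs: backref: fix NULL pointer dereference in btrfs_backref_iter_alloc"), would make the fix easier to find and to backport against the commit named in the Fixes: tag.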