| Message ID | 9292ce2f2a9cadb80337cc350716ad9fc244ac2f.1668801961.git.josef@toxicpanda.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | btrfs: fix uninitialized parent in insert_state | expand |
On Fri, Nov 18, 2022 at 03:06:09PM -0500, Josef Bacik wrote: > I don't know how this isn't caught when we build this in the kernel, but > while sync'ing extent-io-tree.c into btrfs-progs I got an error because > parent could potentially be uninitialized when we link in a new node, > specifically when the extent_io_tree is empty. This means we could have > garbage in the parent color. I don't know what the ramifications are of > that, but it's probably not great, so fix this by init'ing parent to > NULL. I spot checked all of our other usages in btrfs and we appear to > be doing the correct thing everywhere else. > > Signed-off-by: Josef Bacik <josef@toxicpanda.com> Added to misc-next, thanks. The initialization got lost during the conversion in c7e118cf98c7 ("btrfs: open code rbtree search in insert_state").
diff --git a/fs/btrfs/extent-io-tree.c b/fs/btrfs/extent-io-tree.c index 285b0ff6e953..25215667a3de 100644 --- a/fs/btrfs/extent-io-tree.c +++ b/fs/btrfs/extent-io-tree.c @@ -395,7 +395,7 @@ static int insert_state(struct extent_io_tree *tree, u32 bits, struct extent_changeset *changeset) { struct rb_node **node; - struct rb_node *parent; + struct rb_node *parent = NULL; const u64 end = state->end; set_state_bits(tree, state, bits, changeset);
I don't know how this isn't caught when we build this in the kernel, but while sync'ing extent-io-tree.c into btrfs-progs I got an error because parent could potentially be uninitialized when we link in a new node, specifically when the extent_io_tree is empty. This means we could have garbage in the parent color. I don't know what the ramifications are of that, but it's probably not great, so fix this by init'ing parent to NULL. I spot checked all of our other usages in btrfs and we appear to be doing the correct thing everywhere else. Signed-off-by: Josef Bacik <josef@toxicpanda.com> --- fs/btrfs/extent-io-tree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)