From patchwork Wed Jan 18 11:13:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 9523557 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id CDA56601C3 for ; Wed, 18 Jan 2017 12:30:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C1C2D28598 for ; Wed, 18 Jan 2017 12:30:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B361E2859F; Wed, 18 Jan 2017 12:30:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 928E028598 for ; Wed, 18 Jan 2017 12:30:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753363AbdARMaR (ORCPT ); Wed, 18 Jan 2017 07:30:17 -0500 Received: from userp1050.oracle.com ([156.151.31.82]:23992 "EHLO userp1050.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753134AbdARMaP (ORCPT ); Wed, 18 Jan 2017 07:30:15 -0500 Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) by userp1050.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v0IBEm7Q027262 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 18 Jan 2017 11:14:48 GMT Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v0IBDaEx007272 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 18 Jan 2017 11:13:36 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id v0IBDZtv011743 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 18 Jan 2017 11:13:35 GMT Received: from abhmp0017.oracle.com (abhmp0017.oracle.com [141.146.116.23]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id v0IBDYqI011462; Wed, 18 Jan 2017 11:13:34 GMT Received: from mwanda (/154.0.138.2) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 18 Jan 2017 03:13:32 -0800 Date: Wed, 18 Jan 2017 14:13:20 +0300 From: Dan Carpenter To: Al Viro , Andrew Morton Cc: Jan Kara , Miklos Szeredi , Bob Copeland , Boaz Harrosh , Deepa Dinamani , Viacheslav Dubeyko , linux-fsdevel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [patch resend] hfs: fix fix hfs_readdir() Message-ID: <20170118111320.GA23725@mwanda> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1484606094.27533.35.camel@dubeyko.com> User-Agent: Mutt/1.6.0 (2016-04-01) X-Source-IP: userp1040.oracle.com [156.151.31.81] Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP I was looking through static analysis warnings and there is a bug here that goes all the way back to the start of git. Basically we're copying the pointer and nearby garbage instead of the data the fd.key pointer is pointing to. Signed-off-by: Dan Carpenter Reviewed-by: Vyacheslav Dubeyko --- I sent this a year ago, and we had a thread about it, but in the end decided that the original patch was correct. Not tested. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/fs/hfs/dir.c b/fs/hfs/dir.c index 5de5c48..75b2542 100644 --- a/fs/hfs/dir.c +++ b/fs/hfs/dir.c @@ -169,7 +169,7 @@ static int hfs_readdir(struct file *file, struct dir_context *ctx) * Can be done after the list insertion; exclusion with * hfs_delete_cat() is provided by directory lock. */ - memcpy(&rd->key, &fd.key, sizeof(struct hfs_cat_key)); + memcpy(&rd->key, &fd.key->cat, sizeof(struct hfs_cat_key)); out: hfs_find_exit(&fd); return err;