
[v3] ocfs2: ocfs2: fix recent memory corruption bug

Message ID 20130801153638.GA4887@elgon.mountain (mailing list archive)
State New, archived

Commit Message

Dan Carpenter Aug. 1, 2013, 3:36 p.m. UTC
The pointer math in 6fdf3af1d2 "ocfs2: fix null pointer dereference in
ocfs2_dir_foreach_blk_id()" isn't correct so it will zero out the wrong
memory.  In fact, the memset isn't needed because the initializer will
set all these values to zero.

This patch also removes the "ctx.pos = 0" initialization because that
will be zeroed automatically as well.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: remove the memset
v3: remove the ctx.pos = 0.

Comments

jeff.liu Aug. 2, 2013, 1:39 a.m. UTC | #1
On 08/01/2013 11:36 PM, Dan Carpenter wrote:

> The pointer math in 6fdf3af1d2 "ocfs2: fix null pointer dereference in
> ocfs2_dir_foreach_blk_id()" isn't correct so it will zero out the wrong
> memory.  In fact, the memset isn't needed because the initializer will
> set all these values to zero.
> 
> This patch also removes the "ctx.pos = 0" initialization because that
> will be zeroed automatically as well.

Looks good, thank you for correcting my previous mistake.

Acked-by: Jie Liu <jeff.liu@oracle.com>

> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: remove the memset
> v3: remove the ctx.pos = 0.
> 
> diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
> index c91d986..30544ce 100644
> --- a/fs/ocfs2/dir.c
> +++ b/fs/ocfs2/dir.c
> @@ -2154,12 +2154,8 @@ int ocfs2_empty_dir(struct inode *inode)
>  	int ret;
>  	struct ocfs2_empty_dir_priv priv = {
>  		.ctx.actor = ocfs2_empty_dir_filldir,
> -		.ctx.pos = 0,
>  	};
>  
> -	memset(&priv + sizeof(struct dir_context), 0,
> -	       sizeof(priv) - sizeof(struct dir_context));
> -
>  	if (ocfs2_dir_indexed(inode)) {
>  		ret = ocfs2_empty_dir_dx(inode, &priv);
>  		if (ret)
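Review bot: The removed `memset(&priv + sizeof(struct dir_context), 0,` call did its arithmetic on a pointer to `struct ocfs2_empty_dir_priv`, so the offset was scaled by `sizeof(priv)` and the write began well past the end of `priv` on the stack rather than at the member following `ctx`. The changelog only says the pointer math "isn't correct"; saying outright that this was an out-of-bounds stack write would make the severity clear to anyone deciding whether this fix needs to travel with 6fdf3af1d2 when that commit is backported.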

Patch

diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
index c91d986..30544ce 100644
--- a/fs/ocfs2/dir.c
+++ b/fs/ocfs2/dir.c
@@ -2154,12 +2154,8 @@  int ocfs2_empty_dir(struct inode *inode)
 	int ret;
 	struct ocfs2_empty_dir_priv priv = {
 		.ctx.actor = ocfs2_empty_dir_filldir,
-		.ctx.pos = 0,
 	};
 
-	memset(&priv + sizeof(struct dir_context), 0,
-	       sizeof(priv) - sizeof(struct dir_context));
-
 	if (ocfs2_dir_indexed(inode)) {
 		ret = ocfs2_empty_dir_dx(inode, &priv);
 		if (ret)
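Review bot: With the memset gone, the initializer of `priv` names only `.ctx.actor`, and `ctx.pos` plus every other member of `priv` is zero solely because C zero-initializes members omitted from a designated initializer. That is correct and makes dropping `.ctx.pos = 0` consistent, but the guarantee covers members, not padding bytes; if `priv` were ever copied or compared as raw bytes, a plain `memset(&priv, 0, sizeof(priv))` followed by assigning `priv.ctx.actor` would be the safer form.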