diff mbox

[v3] ocfs2: ocfs2: fix recent memory corruption bug

Message ID 20130801153638.GA4887@elgon.mountain
State New, archived
Headers show

Commit Message

Dan Carpenter Aug. 1, 2013, 3:36 p.m. UTC
The pointer math in 6fdf3af1d2 "ocfs2: fix null pointer dereference in
ocfs2_dir_foreach_blk_id()" isn't correct so it will zero out the wrong
memory.  In fact, the memset isn't needed because the initializer will
set all these values to zero.

This patch also removes the "ctx.pos = 0" initialization because that
will be zeroed automatically as well.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: remove the memset
v3: remove the ctx.pos = 0.

Comments

jeff.liu Aug. 2, 2013, 1:39 a.m. UTC | #1
On 08/01/2013 11:36 PM, Dan Carpenter wrote:

> The pointer math in 6fdf3af1d2 "ocfs2: fix null pointer dereference in
> ocfs2_dir_foreach_blk_id()" isn't correct so it will zero out the wrong
> memory.  In fact, the memset isn't needed because the initializer will
> set all these values to zero.
> 
> This patch also removes the "ctx.pos = 0" initialization because that
> will be zeroed automatically as well.

Looks good, thank you for correcting my previous mistake.

Acked-by: Jie Liu <jeff.liu@oracle.com>

> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: remove the memset
> v3: remove the ctx.pos = 0.
> 
> diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
> index c91d986..30544ce 100644
> --- a/fs/ocfs2/dir.c
> +++ b/fs/ocfs2/dir.c
> @@ -2154,12 +2154,8 @@ int ocfs2_empty_dir(struct inode *inode)
>  	int ret;
>  	struct ocfs2_empty_dir_priv priv = {
>  		.ctx.actor = ocfs2_empty_dir_filldir,
> -		.ctx.pos = 0,
>  	};
>  
> -	memset(&priv + sizeof(struct dir_context), 0,
> -	       sizeof(priv) - sizeof(struct dir_context));
> -
>  	if (ocfs2_dir_indexed(inode)) {
>  		ret = ocfs2_empty_dir_dx(inode, &priv);
>  		if (ret)
diff mbox

Patch

diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
index c91d986..30544ce 100644
--- a/fs/ocfs2/dir.c
+++ b/fs/ocfs2/dir.c
@@ -2154,12 +2154,8 @@  int ocfs2_empty_dir(struct inode *inode)
 	int ret;
 	struct ocfs2_empty_dir_priv priv = {
 		.ctx.actor = ocfs2_empty_dir_filldir,
-		.ctx.pos = 0,
 	};
 
-	memset(&priv + sizeof(struct dir_context), 0,
-	       sizeof(priv) - sizeof(struct dir_context));
-
 	if (ocfs2_dir_indexed(inode)) {
 		ret = ocfs2_empty_dir_dx(inode, &priv);
 		if (ret)