diff options
author | Jia-Ju Bai <baijiaju1990@gmail.com> | 2023-01-11 16:59:43 +0800 |
---|---|---|
committer | Konstantin Komarov <almaz.alexandrovich@paragon-software.com> | 2023-03-27 16:59:16 +0400 |
commit | ec275bf9693d19cc0fdce8436f4c425ced86f6e7 (patch) | |
tree | 1477e6c89a6d9b9d46244ca513f765124563f6ef /fs/ntfs3 | |
parent | 6827d50b2c430c329af442b64c9176d174f56521 (diff) | |
download | lwn-ec275bf9693d19cc0fdce8436f4c425ced86f6e7.tar.gz lwn-ec275bf9693d19cc0fdce8436f4c425ced86f6e7.zip |
fs/ntfs3: Fix a possible null-pointer dereference in ni_clear()
In a previous commit c1006bd13146, ni->mi.mrec in ni_write_inode()
could be NULL, and thus a NULL check is added for this variable.
However, in the same call stack, ni->mi.mrec can be also dereferenced
in ni_clear():
ntfs_evict_inode(inode)
ni_write_inode(inode, ...)
ni = ntfs_i(inode);
is_rec_inuse(ni->mi.mrec) -> Add a NULL check by previous commit
ni_clear(ntfs_i(inode))
is_rec_inuse(ni->mi.mrec) -> No check
Thus, a possible null-pointer dereference may exist in ni_clear().
To fix it, a NULL check is added in this function.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Diffstat (limited to 'fs/ntfs3')
-rw-r--r-- | fs/ntfs3/frecord.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c index 1103d4d9a497..9e7dfee303e8 100644 --- a/fs/ntfs3/frecord.c +++ b/fs/ntfs3/frecord.c @@ -102,7 +102,7 @@ void ni_clear(struct ntfs_inode *ni) { struct rb_node *node; - if (!ni->vfs_inode.i_nlink && is_rec_inuse(ni->mi.mrec)) + if (!ni->vfs_inode.i_nlink && ni->mi.mrec && is_rec_inuse(ni->mi.mrec)) ni_delete_all(ni); al_destroy(ni); |