summaryrefslogtreecommitdiff
path: root/cmds-check.c
diff options
context:
space:
mode:
authorQu Wenruo <quwenruo@cn.fujitsu.com>2016-10-24 10:43:35 +0800
committerDavid Sterba <dsterba@suse.com>2016-12-14 15:06:34 +0100
commita2883ea16d15ce02c3279f835736e5072dd6e709 (patch)
tree01fe98186fb1455c838a6a7d0a5004ccd5d85cd1 /cmds-check.c
parent45f782abf3694d4cf2b61adeccf0c8c8974fc23f (diff)
btrfs-progs: check: fix NULL pointer dereference for possible memory allocation failure
We didn't check 'path' allocated in check_root_ref(), which can cause NULL pointer dereference if the memory allocation failed. Fix it by using stack memory, since the function should return error bitmap not minus error code, we don't want memory allocation to be an exception. Resolves-Coverity-CID: 1372510 Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com> Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to 'cmds-check.c')
-rw-r--r--cmds-check.c18
1 files changed, 9 insertions, 9 deletions
diff --git a/cmds-check.c b/cmds-check.c
index d1ca6798..f9370e26 100644
--- a/cmds-check.c
+++ b/cmds-check.c
@@ -5044,7 +5044,7 @@ out:
static int check_root_ref(struct btrfs_root *root, struct btrfs_key *ref_key,
struct extent_buffer *node, int slot)
{
- struct btrfs_path *path;
+ struct btrfs_path path;
struct btrfs_key key;
struct btrfs_root_ref *ref;
struct btrfs_root_ref *backref;
@@ -5081,8 +5081,8 @@ static int check_root_ref(struct btrfs_root *root, struct btrfs_key *ref_key,
key.type = BTRFS_ROOT_BACKREF_KEY + BTRFS_ROOT_REF_KEY - ref_key->type;
key.offset = ref_key->objectid;
- path = btrfs_alloc_path();
- ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
+ btrfs_init_path(&path);
+ ret = btrfs_search_slot(NULL, root, &key, &path, 0, 0);
if (ret) {
err |= ROOT_REF_MISSING;
error("%s[%llu %llu] couldn't find relative ref",
@@ -5092,11 +5092,11 @@ static int check_root_ref(struct btrfs_root *root, struct btrfs_key *ref_key,
goto out;
}
- backref = btrfs_item_ptr(path->nodes[0], path->slots[0],
+ backref = btrfs_item_ptr(path.nodes[0], path.slots[0],
struct btrfs_root_ref);
- backref_dirid = btrfs_root_ref_dirid(path->nodes[0], backref);
- backref_seq = btrfs_root_ref_sequence(path->nodes[0], backref);
- backref_namelen = btrfs_root_ref_name_len(path->nodes[0], backref);
+ backref_dirid = btrfs_root_ref_dirid(path.nodes[0], backref);
+ backref_seq = btrfs_root_ref_sequence(path.nodes[0], backref);
+ backref_namelen = btrfs_root_ref_name_len(path.nodes[0], backref);
if (backref_namelen <= BTRFS_NAME_LEN) {
len = backref_namelen;
@@ -5107,7 +5107,7 @@ static int check_root_ref(struct btrfs_root *root, struct btrfs_key *ref_key,
"ROOT_REF" : "ROOT_BACKREF",
key.objectid, key.offset);
}
- read_extent_buffer(path->nodes[0], backref_name,
+ read_extent_buffer(path.nodes[0], backref_name,
(unsigned long)(backref + 1), len);
if (ref_dirid != backref_dirid || ref_seq != backref_seq ||
@@ -5120,7 +5120,7 @@ static int check_root_ref(struct btrfs_root *root, struct btrfs_key *ref_key,
ref_key->objectid, ref_key->offset);
}
out:
- btrfs_free_path(path);
+ btrfs_release_path(&path);
return err;
}