提交 2d3466a3 编写于 作者: D Dmitriy Monakhov 提交者: Linus Torvalds

reiserfs: possible null pointer dereference during resize

sb_read may return NULL, let's explicitly check it.  If so free new bitmap
blocks array, after this we may safely exit as it done above during bitmap
allocation.
Signed-off-by: NDmitriy Monakhov <dmonakhov@openvz.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
上级 82f703bb
...@@ -131,6 +131,10 @@ int reiserfs_resize(struct super_block *s, unsigned long block_count_new) ...@@ -131,6 +131,10 @@ int reiserfs_resize(struct super_block *s, unsigned long block_count_new)
/* don't use read_bitmap_block since it will cache /* don't use read_bitmap_block since it will cache
* the uninitialized bitmap */ * the uninitialized bitmap */
bh = sb_bread(s, i * s->s_blocksize * 8); bh = sb_bread(s, i * s->s_blocksize * 8);
if (!bh) {
vfree(bitmap);
return -EIO;
}
memset(bh->b_data, 0, sb_blocksize(sb)); memset(bh->b_data, 0, sb_blocksize(sb));
reiserfs_test_and_set_le_bit(0, bh->b_data); reiserfs_test_and_set_le_bit(0, bh->b_data);
reiserfs_cache_bitmap_metadata(s, bh, bitmap + i); reiserfs_cache_bitmap_metadata(s, bh, bitmap + i);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册