[PATCH 2/2] Fix possible NULL pointer dereference in udf_table_free_blocks()

  Hello,

  fix possible NULL pointer dereference in UDF block freeing code. The description in the
header of the patch has more details. Andrew, please apply. Thanks.

										Honza
-- 
Jan Kara <[email protected]>
SuSE CR Labs

Fix possible NULL pointer dereference when freeing blocks in case table of
free space is used. Also fix handling of the case when we need to move
extent from one block to another one to make space for indirect extent.
BTW: Nobody seem to have ever used this code.

Signed-off-by: Jan Kara <[email protected]>
 
diff -rupX /home/jack/.kerndiffexclude linux-2.6.23-rc3/fs/udf/balloc.c linux-2.6.23-rc3-1-udf_fix/fs/udf/balloc.c
--- linux-2.6.23-rc3/fs/udf/balloc.c	2007-08-21 14:11:44.000000000 +0200
+++ linux-2.6.23-rc3-1-udf_fix/fs/udf/balloc.c	2007-08-21 14:28:31.000000000 +0200
@@ -540,26 +540,24 @@ static void udf_table_free_blocks(struct
 			if (epos.offset + adsize > sb->s_blocksize) {
 				loffset = epos.offset;
 				aed->lengthAllocDescs = cpu_to_le32(adsize);
-				sptr = UDF_I_DATA(inode) + epos.offset -
-					udf_file_entry_alloc_offset(inode) +
-					UDF_I_LENEATTR(inode) - adsize;
+				sptr = UDF_I_DATA(table) + epos.offset - adsize;
 				dptr = epos.bh->b_data + sizeof(struct allocExtDesc);
 				memcpy(dptr, sptr, adsize);
 				epos.offset = sizeof(struct allocExtDesc) + adsize;
 			} else {
 				loffset = epos.offset + adsize;
 				aed->lengthAllocDescs = cpu_to_le32(0);
-				sptr = oepos.bh->b_data + epos.offset;
-				epos.offset = sizeof(struct allocExtDesc);
-
 				if (oepos.bh) {
+					sptr = oepos.bh->b_data + epos.offset;
 					aed = (struct allocExtDesc *)oepos.bh->b_data;
 					aed->lengthAllocDescs =
 						cpu_to_le32(le32_to_cpu(aed->lengthAllocDescs) + adsize);
 				} else {
+					sptr = UDF_I_DATA(table) + epos.offset;
 					UDF_I_LENALLOC(table) += adsize;
 					mark_inode_dirty(table);
 				}
+				epos.offset = sizeof(struct allocExtDesc);
 			}
 			if (UDF_SB_UDFREV(sb) >= 0x0200)
 				udf_new_tag(epos.bh->b_data, TAG_IDENT_AED, 3, 1,

---

• Prev by Date: [PATCH 1/2] UDF: handle wrong superblock better
• Next by Date: [BUG] 2.6.23-rc3-mm1 - kernel BUG at net/core/skbuff.c:95!
• Previous by thread: [PATCH 1/2] UDF: handle wrong superblock better
• Next by thread: [PATCH] Memory controller Add Documentation
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]