diff options
author | Alexey Khoroshilov <khoroshilov@ispras.ru> | 2013-04-30 15:27:52 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-04-30 17:04:05 -0700 |
commit | 9509f17851da294f8ecf0fc0bfe0fe609671352d (patch) | |
tree | f1cbc43a20bf1d4d81fb31d0dedf9ad4463bda60 /fs/hfs/dir.c | |
parent | eb53b6db7a53642b80b0ca4885cb91d5c7dbc0f8 (diff) | |
download | blackbird-op-linux-9509f17851da294f8ecf0fc0bfe0fe609671352d.tar.gz blackbird-op-linux-9509f17851da294f8ecf0fc0bfe0fe609671352d.zip |
hfs: add error checking for hfs_find_init()
hfs_find_init() may fail with ENOMEM, but there are places, where the
returned value is not checked. The consequences can be very unpleasant,
e.g. kfree uninitialized pointer and inappropriate mutex unlocking.
The patch adds checks for errors in hfs_find_init().
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Reviewed-by: Vyacheslav Dubeyko <slava@dubeyko.com>
Cc: Hin-Tak Leung <htl10@users.sourceforge.net>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/hfs/dir.c')
-rw-r--r-- | fs/hfs/dir.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/fs/hfs/dir.c b/fs/hfs/dir.c index 5f7f1abd5f6d..e1c80482a292 100644 --- a/fs/hfs/dir.c +++ b/fs/hfs/dir.c @@ -25,7 +25,9 @@ static struct dentry *hfs_lookup(struct inode *dir, struct dentry *dentry, struct inode *inode = NULL; int res; - hfs_find_init(HFS_SB(dir->i_sb)->cat_tree, &fd); + res = hfs_find_init(HFS_SB(dir->i_sb)->cat_tree, &fd); + if (res) + return ERR_PTR(res); hfs_cat_build_key(dir->i_sb, fd.search_key, dir->i_ino, &dentry->d_name); res = hfs_brec_read(&fd, &rec, sizeof(rec)); if (res) { @@ -63,7 +65,9 @@ static int hfs_readdir(struct file *filp, void *dirent, filldir_t filldir) if (filp->f_pos >= inode->i_size) return 0; - hfs_find_init(HFS_SB(sb)->cat_tree, &fd); + err = hfs_find_init(HFS_SB(sb)->cat_tree, &fd); + if (err) + return err; hfs_cat_build_key(sb, fd.search_key, inode->i_ino, NULL); err = hfs_brec_find(&fd); if (err) |