aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDave Jones <davej@redhat.com>2006-04-10 03:02:40 -0400
committerJens Axboe <axboe@suse.de>2006-04-10 03:02:40 -0400
commit9aefe431f5a000884db7ae74ac208de814fe5913 (patch)
tree2a5a5469f0a56529c78ca067d798fff0363207a3
parentc7f21e4f5a3d4e378e4d453b2be209dcfd1bb964 (diff)
[PATCH] splice: potential !page dereference
We can get to out: with a NULL page, which we probably don't want to be calling page_cache_release() on. Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Jens Axboe <axboe@suse.de>
-rw-r--r--fs/splice.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/splice.c b/fs/splice.c
index b450acdff397..26f5f7ecee5c 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -445,7 +445,7 @@ find_page:
445 ret = -ENOMEM; 445 ret = -ENOMEM;
446 page = find_or_create_page(mapping, index, gfp_mask); 446 page = find_or_create_page(mapping, index, gfp_mask);
447 if (!page) 447 if (!page)
448 goto out; 448 goto out_nomem;
449 449
450 /* 450 /*
451 * If the page is uptodate, it is also locked. If it isn't 451 * If the page is uptodate, it is also locked. If it isn't
@@ -508,6 +508,7 @@ out:
508 page_cache_release(page); 508 page_cache_release(page);
509 unlock_page(page); 509 unlock_page(page);
510 } 510 }
511out_nomem:
511 buf->ops->unmap(info, buf); 512 buf->ops->unmap(info, buf);
512 return ret; 513 return ret;
513} 514}