aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Kara <jack@suse.cz>2007-08-31 02:56:22 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-08-31 04:42:22 -0400
commitf5cc15dac55d4943176f84681f37aa48094ffa8b (patch)
tree94eb6a351096fda5403bc5c98d686bfefedb9ba5
parentbcec44770cc65660369ae17b4e44be027a64a46c (diff)
Fix possible NULL pointer dereference in udf_table_free_blocks()
Fix possible NULL pointer dereference when freeing blocks in case table of free space is used. Also fix handling of the case when we need to move extent from one block to another one to make space for indirect extent. BTW: Nobody seem to have ever used this code. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--fs/udf/balloc.c10
1 files changed, 4 insertions, 6 deletions
diff --git a/fs/udf/balloc.c b/fs/udf/balloc.c
index 276f7207a564..87e87dcd3f9c 100644
--- a/fs/udf/balloc.c
+++ b/fs/udf/balloc.c
@@ -540,26 +540,24 @@ static void udf_table_free_blocks(struct super_block *sb,
540 if (epos.offset + adsize > sb->s_blocksize) { 540 if (epos.offset + adsize > sb->s_blocksize) {
541 loffset = epos.offset; 541 loffset = epos.offset;
542 aed->lengthAllocDescs = cpu_to_le32(adsize); 542 aed->lengthAllocDescs = cpu_to_le32(adsize);
543 sptr = UDF_I_DATA(inode) + epos.offset - 543 sptr = UDF_I_DATA(table) + epos.offset - adsize;
544 udf_file_entry_alloc_offset(inode) +
545 UDF_I_LENEATTR(inode) - adsize;
546 dptr = epos.bh->b_data + sizeof(struct allocExtDesc); 544 dptr = epos.bh->b_data + sizeof(struct allocExtDesc);
547 memcpy(dptr, sptr, adsize); 545 memcpy(dptr, sptr, adsize);
548 epos.offset = sizeof(struct allocExtDesc) + adsize; 546 epos.offset = sizeof(struct allocExtDesc) + adsize;
549 } else { 547 } else {
550 loffset = epos.offset + adsize; 548 loffset = epos.offset + adsize;
551 aed->lengthAllocDescs = cpu_to_le32(0); 549 aed->lengthAllocDescs = cpu_to_le32(0);
552 sptr = oepos.bh->b_data + epos.offset;
553 epos.offset = sizeof(struct allocExtDesc);
554
555 if (oepos.bh) { 550 if (oepos.bh) {
551 sptr = oepos.bh->b_data + epos.offset;
556 aed = (struct allocExtDesc *)oepos.bh->b_data; 552 aed = (struct allocExtDesc *)oepos.bh->b_data;
557 aed->lengthAllocDescs = 553 aed->lengthAllocDescs =
558 cpu_to_le32(le32_to_cpu(aed->lengthAllocDescs) + adsize); 554 cpu_to_le32(le32_to_cpu(aed->lengthAllocDescs) + adsize);
559 } else { 555 } else {
556 sptr = UDF_I_DATA(table) + epos.offset;
560 UDF_I_LENALLOC(table) += adsize; 557 UDF_I_LENALLOC(table) += adsize;
561 mark_inode_dirty(table); 558 mark_inode_dirty(table);
562 } 559 }
560 epos.offset = sizeof(struct allocExtDesc);
563 } 561 }
564 if (UDF_SB_UDFREV(sb) >= 0x0200) 562 if (UDF_SB_UDFREV(sb) >= 0x0200)
565 udf_new_tag(epos.bh->b_data, TAG_IDENT_AED, 3, 1, 563 udf_new_tag(epos.bh->b_data, TAG_IDENT_AED, 3, 1,