aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorAnton Altaparmakov <anton@tuxera.com>2011-01-28 15:45:28 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2011-01-30 21:58:11 -0500
commitaf5eb745efe97d91d2cbe793029838b3311c15da (patch)
treec2e410318a3f38928255ebf9ab18332b871e17f0 /Documentation
parent9fbf0c08d441888b977f7c459c8aa57f2c0cb6ad (diff)
NTFS: Fix invalid pointer dereference in ntfs_mft_record_alloc().
In ntfs_mft_record_alloc() when mapping the new extent mft record with map_extent_mft_record() we overwrite @m with the return value and on error, we then try to use the old @m but that is no longer there as @m now contains an error code instead so we crash when dereferencing the error code as if it were a pointer. The simple fix is to use a temporary variable to store the return value thus preserving the original @m for later use. This is a backport from the commercial Tuxera-NTFS driver and is well tested... Thanks go to Julia Lawall for pointing this out (whilst I had fixed it in the commercial driver I had failed to fix it in the Linux kernel). Signed-off-by: Anton Altaparmakov <anton@tuxera.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/filesystems/ntfs.txt2
1 files changed, 2 insertions, 0 deletions
diff --git a/Documentation/filesystems/ntfs.txt b/Documentation/filesystems/ntfs.txt
index 6ef8cf3bc9a3..933bc66ccff1 100644
--- a/Documentation/filesystems/ntfs.txt
+++ b/Documentation/filesystems/ntfs.txt
@@ -460,6 +460,8 @@ Note, a technical ChangeLog aimed at kernel hackers is in fs/ntfs/ChangeLog.
4602.1.30: 4602.1.30:
461 - Fix writev() (it kept writing the first segment over and over again 461 - Fix writev() (it kept writing the first segment over and over again
462 instead of moving onto subsequent segments). 462 instead of moving onto subsequent segments).
463 - Fix crash in ntfs_mft_record_alloc() when mapping the new extent mft
464 record failed.
4632.1.29: 4652.1.29:
464 - Fix a deadlock when mounting read-write. 466 - Fix a deadlock when mounting read-write.
4652.1.28: 4672.1.28: