ext4: Fix NULL dereference in ext4_ext_migrate()'s error handling

This was found through a code checker (http://repo.or.cz/w/smatch.git/). It looks like you might be able to trigger the error by trying to migrate a readonly file system. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
author: Dan Carpenter <error27@gmail.com> 2009-02-15 20:02:19 -0500
committer: Theodore Ts'o <tytso@mit.edu> 2009-02-15 20:02:19 -0500
commit: 090542641de833c6f756895fc2f139f046e298f9 (patch)
tree: 8a3939e4e72e5107282a5343d2cb50c29e5077a6 /fs/ext4/migrate.c
parent: 2acf2c261b823d9d9ed954f348b97620297a36b5 (diff)
1 files changed, 3 insertions, 5 deletions
diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c
index 734abca25e35..fe64d9f79852 100644
--- a/fs/ext4/migrate.c
+++ b/fs/ext4/migrate.c
@@ -481,7 +481,7 @@ int ext4_ext_migrate(struct inode *inode)
                                        + 1);
        if (IS_ERR(handle)) {
                retval = PTR_ERR(handle);
-                goto err_out;
+                return retval;
        }
        tmp_inode = ext4_new_inode(handle,
                                inode->i_sb->s_root->d_inode,
@@ -489,8 +489,7 @@ int ext4_ext_migrate(struct inode *inode)
        if (IS_ERR(tmp_inode)) {
                retval = -ENOMEM;
                ext4_journal_stop(handle);
-                tmp_inode = NULL;
+                return retval;
-                goto err_out;
        }
        i_size_write(tmp_inode, i_size_read(inode));
        /*
@@ -618,8 +617,7 @@ err_out:
        ext4_journal_stop(handle);
-        if (tmp_inode)
+        iput(tmp_inode);
-                iput(tmp_inode);
        return retval;
 }
author	Dan Carpenter <error27@gmail.com>	2009-02-15 20:02:19 -0500
committer	Theodore Ts'o <tytso@mit.edu>	2009-02-15 20:02:19 -0500
commit	090542641de833c6f756895fc2f139f046e298f9 (patch)
tree	8a3939e4e72e5107282a5343d2cb50c29e5077a6 /fs/ext4/migrate.c
parent	2acf2c261b823d9d9ed954f348b97620297a36b5 (diff)