diff options
| author | Alexey Khoroshilov <khoroshilov@ispras.ru> | 2013-04-30 18:27:52 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-04-30 20:04:05 -0400 |
| commit | 9509f17851da294f8ecf0fc0bfe0fe609671352d (patch) | |
| tree | f1cbc43a20bf1d4d81fb31d0dedf9ad4463bda60 /fs/hfs/catalog.c | |
| parent | eb53b6db7a53642b80b0ca4885cb91d5c7dbc0f8 (diff) | |
hfs: add error checking for hfs_find_init()
hfs_find_init() may fail with ENOMEM, but there are places, where the
returned value is not checked. The consequences can be very unpleasant,
e.g. kfree uninitialized pointer and inappropriate mutex unlocking.
The patch adds checks for errors in hfs_find_init().
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Reviewed-by: Vyacheslav Dubeyko <slava@dubeyko.com>
Cc: Hin-Tak Leung <htl10@users.sourceforge.net>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/hfs/catalog.c')
| -rw-r--r-- | fs/hfs/catalog.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/fs/hfs/catalog.c b/fs/hfs/catalog.c index 424b0337f524..9569b39257ec 100644 --- a/fs/hfs/catalog.c +++ b/fs/hfs/catalog.c | |||
| @@ -92,7 +92,9 @@ int hfs_cat_create(u32 cnid, struct inode *dir, struct qstr *str, struct inode * | |||
| 92 | return -ENOSPC; | 92 | return -ENOSPC; |
| 93 | 93 | ||
| 94 | sb = dir->i_sb; | 94 | sb = dir->i_sb; |
| 95 | hfs_find_init(HFS_SB(sb)->cat_tree, &fd); | 95 | err = hfs_find_init(HFS_SB(sb)->cat_tree, &fd); |
| 96 | if (err) | ||
| 97 | return err; | ||
| 96 | 98 | ||
| 97 | hfs_cat_build_key(sb, fd.search_key, cnid, NULL); | 99 | hfs_cat_build_key(sb, fd.search_key, cnid, NULL); |
| 98 | entry_size = hfs_cat_build_thread(sb, &entry, S_ISDIR(inode->i_mode) ? | 100 | entry_size = hfs_cat_build_thread(sb, &entry, S_ISDIR(inode->i_mode) ? |
| @@ -214,7 +216,9 @@ int hfs_cat_delete(u32 cnid, struct inode *dir, struct qstr *str) | |||
| 214 | 216 | ||
| 215 | dprint(DBG_CAT_MOD, "delete_cat: %s,%u\n", str ? str->name : NULL, cnid); | 217 | dprint(DBG_CAT_MOD, "delete_cat: %s,%u\n", str ? str->name : NULL, cnid); |
| 216 | sb = dir->i_sb; | 218 | sb = dir->i_sb; |
| 217 | hfs_find_init(HFS_SB(sb)->cat_tree, &fd); | 219 | res = hfs_find_init(HFS_SB(sb)->cat_tree, &fd); |
| 220 | if (res) | ||
| 221 | return res; | ||
| 218 | 222 | ||
| 219 | hfs_cat_build_key(sb, fd.search_key, dir->i_ino, str); | 223 | hfs_cat_build_key(sb, fd.search_key, dir->i_ino, str); |
| 220 | res = hfs_brec_find(&fd); | 224 | res = hfs_brec_find(&fd); |
| @@ -281,7 +285,9 @@ int hfs_cat_move(u32 cnid, struct inode *src_dir, struct qstr *src_name, | |||
| 281 | dprint(DBG_CAT_MOD, "rename_cat: %u - %lu,%s - %lu,%s\n", cnid, src_dir->i_ino, src_name->name, | 285 | dprint(DBG_CAT_MOD, "rename_cat: %u - %lu,%s - %lu,%s\n", cnid, src_dir->i_ino, src_name->name, |
| 282 | dst_dir->i_ino, dst_name->name); | 286 | dst_dir->i_ino, dst_name->name); |
| 283 | sb = src_dir->i_sb; | 287 | sb = src_dir->i_sb; |
| 284 | hfs_find_init(HFS_SB(sb)->cat_tree, &src_fd); | 288 | err = hfs_find_init(HFS_SB(sb)->cat_tree, &src_fd); |
| 289 | if (err) | ||
| 290 | return err; | ||
| 285 | dst_fd = src_fd; | 291 | dst_fd = src_fd; |
| 286 | 292 | ||
| 287 | /* find the old dir entry and read the data */ | 293 | /* find the old dir entry and read the data */ |