| author | Jia-Ju Bai <baijiaju1990@gmail.com> | 2023-01-11 16:59:43 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-05-24 17:36:47 +0100 |
| commit | 20f9bfc664d6a478f9a5bbc0c380f80f7a1a06c6 (patch) | |
| tree | e19c3f799e29bc1f70c571c995f223e7ffb7d093 /fs | |
| parent | 85afd3007465f8bc74afffbf5b84ec29f5310b03 (diff) | |
fs/ntfs3: Fix a possible null-pointer dereference in ni_clear()

[ Upstream commit ec275bf9693d19cc0fdce8436f4c425ced86f6e7 ]

In a previous commit c1006bd13146, ni->mi.mrec in ni_write_inode()
could be NULL, and thus a NULL check is added for this variable.

However, in the same call stack, ni->mi.mrec can be also dereferenced
in ni_clear():

ntfs_evict_inode(inode)
  ni_write_inode(inode, ...)
    ni = ntfs_i(inode);
    is_rec_inuse(ni->mi.mrec) -> Add a NULL check by previous commit
  ni_clear(ntfs_i(inode))
    is_rec_inuse(ni->mi.mrec) -> No check

Thus, a possible null-pointer dereference may exist in ni_clear().
To fix it, a NULL check is added in this function.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/ntfs3/frecord.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c index 95556515ded3..d24e12d348d4 100644 --- a/fs/ntfs3/frecord.c +++ b/fs/ntfs3/frecord.c @@ -101,7 +101,7 @@ void ni_clear(struct ntfs_inode *ni) { struct rb_node *node; - if (!ni->vfs_inode.i_nlink && is_rec_inuse(ni->mi.mrec)) + if (!ni->vfs_inode.i_nlink && ni->mi.mrec && is_rec_inuse(ni->mi.mrec)) ni_delete_all(ni); al_destroy(ni); |
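
Review bot: The `ni->mi.mrec &&` guard added to the condition in ni_clear() is the second open-coded copy of this check, since the commit message says the same test was already added in front of is_rec_inuse() in ni_write_inode(). Consider moving the NULL test into is_rec_inuse() itself, or into a small helper, so that a future caller on the eviction path cannot omit it. If the guard stays inline, a one-line comment saying when ni->mi.mrec is NULL at this point would help, because the hunk does not show how the inode reaches ni_clear() without a record. It is also worth confirming that al_destroy(ni) and the rest of ni_clear(), which the context does not show, tolerate a NULL mrec. Finally, the message names commit c1006bd13146 as the origin of the first check but carries no Fixes: tag, which stable backports normally rely on.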
