Re: NTFS null dereference x2

From: Szakacsits Szabolcs
Date: Sat Apr 17 2004 - 08:48:46 EST
Dave Jones <davej@xxxxxxxxxx> wrote:

> if vol is NULL, everything falls apart..

AFAIS, neither vol nor vol->sb can be NULL below. The !vol check, which
fooled you or an automatic checker, is bogus and probably slipped through
from the user space library, thanks.

Please note that with the patch you would introduce a real bug, since you
dereference the now uninitialized sb to assign a value to block_size.

Szaka

> --- linux-2.6.5/fs/ntfs/attrib.c~ 2004-04-16 22:45:53.000000000 +0100
> +++ linux-2.6.5/fs/ntfs/attrib.c 2004-04-16 22:46:47.000000000 +0100
> @@ -1235,16 +1235,19 @@
> u8 *al_end = al + initialized_size;
> run_list_element *rl;
> struct buffer_head *bh;
> - struct super_block *sb = vol->sb;
> + struct super_block *sb;
> unsigned long block_size = sb->s_blocksize;
> unsigned long block, max_block;
> int err = 0;
> - unsigned char block_size_bits = sb->s_blocksize_bits;
> + unsigned char block_size_bits;
>
> ntfs_debug("Entering.");
> if (!vol || !run_list || !al || size <= 0 || initialized_size < 0 ||
> initialized_size > size)
> return -EINVAL;
> + sb = vol->sb;
> + block_size_bits = sb->s_blocksize_bits;
> +
> if (!initialized_size) {
> memset(al, 0, size);
> return 0;
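Review bot: the hunk leaves "unsigned long block_size = sb->s_blocksize;" at its declaration while "sb" is now assigned only after the "!vol" check, so that initializer reads an uninitialized pointer on every call. Either change the declaration to "unsigned long block_size;" and add "block_size = sb->s_blocksize;" beside the new "block_size_bits = sb->s_blocksize_bits;" line, or keep the original "struct super_block *sb = vol->sb;" initializer and drop the reordering.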

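The ordering problem discussed above, as an added stand-alone example that is not part of the thread or of the kernel's fs/ntfs code: every value derived from vol->sb is assigned only after the argument check, so neither the check nor the derived values touch an unassigned pointer. The structs, the sample volume and the blocks_for_size() helper are constructed stand-ins for ntfs_volume and super_block.

```c
#include <stdio.h>
#include <errno.h>

/* Constructed stand-ins for the kernel's super_block and ntfs_volume. */
struct super_block {
    unsigned long s_blocksize;
    unsigned char s_blocksize_bits;
};

struct ntfs_volume {
    struct super_block *sb;
};

/* Constructed sample: 4096-byte blocks, 2^12 == 4096. */
static struct super_block sample_sb = { 4096, 12 };
static struct ntfs_volume sample_vol = { &sample_sb };

/*
 * Return how many device blocks a buffer of `size` bytes spans, or -EINVAL.
 * sb, block_size and block_size_bits are all assigned after the argument
 * check. The quoted patch moved "sb = vol->sb" below the check but left
 * "block_size = sb->s_blocksize" as an initializer at the declaration,
 * which reads sb before anything has been stored in it.
 */
long blocks_for_size(const struct ntfs_volume *vol, long size)
{
    const struct super_block *sb;
    unsigned long block_size;
    unsigned char block_size_bits;

    if (!vol || !vol->sb || size <= 0)
        return -EINVAL;

    sb = vol->sb;                          /* only now is sb valid */
    block_size = sb->s_blocksize;
    block_size_bits = sb->s_blocksize_bits;

    /* round up to whole blocks with the shift, as the kernel code does */
    return (long)(((unsigned long)size + block_size - 1) >> block_size_bits);
}

int main(void)
{
    printf("NULL volume  -> %ld\n", blocks_for_size(NULL, 10000));
    printf("10000 bytes  -> %ld blocks\n", blocks_for_size(&sample_vol, 10000));
    return 0;
}
```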
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/