Re: NTFS null dereference x2

From: Anton Altaparmakov
Date: Fri Apr 23 2004 - 06:14:21 EST

Next message: Andrew McGregor: "Re: [somewhat OT] binary modules agaaaain"
Previous message: William Lee Irwin III: "Re: put_page() tries to handle hugepages but fails"
In reply to: Szakacsits Szabolcs: "Re: NTFS null dereference x2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 17 Apr 2004, Szakacsits Szabolcs wrote:
> Dave Jones <davej@xxxxxxxxxx> wrote:
> > if vol is NULL, everything falls apart..
>
> AFAIS, neither vol nor vol->sb can be NULL below. The !vol check, that
> fooled you or an automatic checker, is bogus and probably it slipped
> through the user space library, thanks.
>
> Please note, by the patch you would introduce a real bug when you
> dereference the now uninitialized sb to assign a value to block_size.

Thanks. While at present vol nor vol->sb can be NULL, I have changed the
code in my tree to do the assignments after the checks for completeness
sake. I of course also moved the assignment that the patch ignored as
well, otherwise as Szaka said, it would all go horribly wrong...

Best regards,

Anton

> > --- linux-2.6.5/fs/ntfs/attrib.c~ 2004-04-16 22:45:53.000000000 +0100
> > +++ linux-2.6.5/fs/ntfs/attrib.c 2004-04-16 22:46:47.000000000 +0100
> > @@ -1235,16 +1235,19 @@
> > u8 *al_end = al + initialized_size;
> > run_list_element *rl;
> > struct buffer_head *bh;
> > - struct super_block *sb = vol->sb;
> > + struct super_block *sb;
> > unsigned long block_size = sb->s_blocksize;
> > unsigned long block, max_block;
> > int err = 0;
> > - unsigned char block_size_bits = sb->s_blocksize_bits;
> > + unsigned char block_size_bits;
> >
> > ntfs_debug("Entering.");
> > if (!vol || !run_list || !al || size <= 0 || initialized_size < 0 ||
> > initialized_size > size)
> > return -EINVAL;
> > + sb = vol->sb;
> > + block_size_bits = sb->s_blocksize_bits;
> > +
> > if (!initialized_size) {
> > memset(al, 0, size);
> > return 0;

--
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Unix Support, Computing Service, University of Cambridge, CB2 3QH, UK
Linux NTFS maintainer / IRC: #ntfs on irc.freenode.net
WWW: http://linux-ntfs.sf.net/ & http://www-stu.christs.cam.ac.uk/~aia21/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew McGregor: "Re: [somewhat OT] binary modules agaaaain"
Previous message: William Lee Irwin III: "Re: put_page() tries to handle hugepages but fails"
In reply to: Szakacsits Szabolcs: "Re: NTFS null dereference x2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]