Re: [xfs-masters] Re: fs/xfs/xfs_vnodeops.c:xfs_readdir(): NULL variable dereferenced

From: Nathan Scott
Date: Sat Jul 08 2006 - 21:04:46 EST

Next message: Bojan Smojver: "Re: [Suspend2-devel] Re: uswsusp history lesson"
Previous message: Luben Tuikov: "Re: [PATCH] sched.h: increment TASK_COMM_LEN to 20 bytes"
In reply to: Adrian Bunk: "Re: fs/xfs/xfs_vnodeops.c:xfs_readdir(): NULL variable dereferenced"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jul 08, 2006 at 09:46:09PM +0200, Adrian Bunk wrote:
> On Fri, Jul 07, 2006 at 09:32:46AM +1000, David Chinner wrote:
> > > Coverity checker found a way how tp might be dereferenced four function
> > > calls later).

Keyword being "might". ;)

> > Then the bug is probably in the function call that uses tp without
> > first checking whether it's null. Can you tell us where that dereference
> > occurs?
>
> xfs_readdir()
> xfs_dir_getdents()
> xfs_dir2_leaf_getdents()
> xfs_bmapi()
> xfs_trans_log_inode()
> tp->t_flags |= XFS_TRANS_DIRTY;

This actually cant happen due to the flags passed into xfs_bmapi (ie.
request for a extent map _read_, which wont result in the inode being
logged, which means no transaction dirtying).

That suggestion to remove the local "tp" variable was valid though,
we may as well do that (will do).

cheers.

--
Nathan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bojan Smojver: "Re: [Suspend2-devel] Re: uswsusp history lesson"
Previous message: Luben Tuikov: "Re: [PATCH] sched.h: increment TASK_COMM_LEN to 20 bytes"
In reply to: Adrian Bunk: "Re: fs/xfs/xfs_vnodeops.c:xfs_readdir(): NULL variable dereferenced"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]