Re: A null-ptr-deref bug in reiserfs_breada in fs/reiserfs/journal.c

From: butt3rflyh4ck
Date: Sun Jun 04 2023 - 07:58:17 EST

Next message: Andy Shevchenko: "Re: [PATCH v7 5/9] serial: sc16is7xx: fix regression with GPIO configuration"
Previous message: Willy Tarreau: "Re: [PATCH v3 11/12] selftests/nolibc: add new gettimeofday test cases"
In reply to: Matthew Wilcox: "Re: A null-ptr-deref bug in reiserfs_breada in fs/reiserfs/journal.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yes, it works! I have tested the patch.

Regards,
butt3rflyh4ck.

On Sun, Jun 4, 2023 at 7:16 PM Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
>
> On Sun, Jun 04, 2023 at 04:12:56PM +0800, butt3rflyh4ck wrote:
> > Hi, there is a null-ptr-deref bug in reiserfs_breada in
> > fs/reiserfs/journal.c, I reproduce it in the latest kernel too.
>
> does this fix the problem?
>
> diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c
> index 4d11d60f493c..dd58e0dca5e5 100644
> --- a/fs/reiserfs/journal.c
> +++ b/fs/reiserfs/journal.c
> @@ -2326,7 +2326,7 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev,
> int i, j;
>
> bh = __getblk(dev, block, bufsize);
> - if (buffer_uptodate(bh))
> + if (!bh || buffer_uptodate(bh))
> return (bh);
>
> if (block + BUFNR > max_block) {
> @@ -2336,6 +2336,8 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev,
> j = 1;
> for (i = 1; i < blocks; i++) {
> bh = __getblk(dev, block + i, bufsize);
> + if (!bh)
> + break;
> if (buffer_uptodate(bh)) {
> brelse(bh);
> break;

--
Active Defense Lab of Venustech

Next message: Andy Shevchenko: "Re: [PATCH v7 5/9] serial: sc16is7xx: fix regression with GPIO configuration"
Previous message: Willy Tarreau: "Re: [PATCH v3 11/12] selftests/nolibc: add new gettimeofday test cases"
In reply to: Matthew Wilcox: "Re: A null-ptr-deref bug in reiserfs_breada in fs/reiserfs/journal.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]