Skip to content

Commit aa4b92c

Browse files
DanCh2020brauner
DanCh2020
authored and
brauner
committed
ntfs: do not dereference a null ctx on error
In ntfs_mft_data_extend_allocation_nolock(), if an error condition occurs prior to 'ctx' being set to a non-NULL value, avoid dereferencing the NULL 'ctx' pointer in error handling. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Danila Chernetsov <[email protected]> Reviewed-by: Namjae Jeon <[email protected]> Signed-off-by: Christian Brauner <[email protected]>
1 parent 6405fee commit aa4b92c

File tree

1 file changed

+19
-17
lines changed

1 file changed

+19
-17
lines changed

fs/ntfs/mft.c

Lines changed: 19 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1955,36 +1955,38 @@ static int ntfs_mft_data_extend_allocation_nolock(ntfs_volume *vol)
19551955
"attribute.%s", es);
19561956
NVolSetErrors(vol);
19571957
}
1958-
a = ctx->attr;
1958+
19591959
if (ntfs_rl_truncate_nolock(vol, &mft_ni->runlist, old_last_vcn)) {
19601960
ntfs_error(vol->sb, "Failed to truncate mft data attribute "
19611961
"runlist.%s", es);
19621962
NVolSetErrors(vol);
19631963
}
1964-
if (mp_rebuilt && !IS_ERR(ctx->mrec)) {
1965-
if (ntfs_mapping_pairs_build(vol, (u8*)a + le16_to_cpu(
1964+
if (ctx) {
1965+
a = ctx->attr;
1966+
if (mp_rebuilt && !IS_ERR(ctx->mrec)) {
1967+
if (ntfs_mapping_pairs_build(vol, (u8 *)a + le16_to_cpu(
19661968
a->data.non_resident.mapping_pairs_offset),
19671969
old_alen - le16_to_cpu(
1968-
a->data.non_resident.mapping_pairs_offset),
1970+
a->data.non_resident.mapping_pairs_offset),
19691971
rl2, ll, -1, NULL)) {
1970-
ntfs_error(vol->sb, "Failed to restore mapping pairs "
1972+
ntfs_error(vol->sb, "Failed to restore mapping pairs "
19711973
"array.%s", es);
1972-
NVolSetErrors(vol);
1973-
}
1974-
if (ntfs_attr_record_resize(ctx->mrec, a, old_alen)) {
1975-
ntfs_error(vol->sb, "Failed to restore attribute "
1974+
NVolSetErrors(vol);
1975+
}
1976+
if (ntfs_attr_record_resize(ctx->mrec, a, old_alen)) {
1977+
ntfs_error(vol->sb, "Failed to restore attribute "
19761978
"record.%s", es);
1979+
NVolSetErrors(vol);
1980+
}
1981+
flush_dcache_mft_record_page(ctx->ntfs_ino);
1982+
mark_mft_record_dirty(ctx->ntfs_ino);
1983+
} else if (IS_ERR(ctx->mrec)) {
1984+
ntfs_error(vol->sb, "Failed to restore attribute search "
1985+
"context.%s", es);
19771986
NVolSetErrors(vol);
19781987
}
1979-
flush_dcache_mft_record_page(ctx->ntfs_ino);
1980-
mark_mft_record_dirty(ctx->ntfs_ino);
1981-
} else if (IS_ERR(ctx->mrec)) {
1982-
ntfs_error(vol->sb, "Failed to restore attribute search "
1983-
"context.%s", es);
1984-
NVolSetErrors(vol);
1985-
}
1986-
if (ctx)
19871988
ntfs_attr_put_search_ctx(ctx);
1989+
}
19881990
if (!IS_ERR(mrec))
19891991
unmap_mft_record(mft_ni);
19901992
up_write(&mft_ni->runlist.lock);

0 commit comments

Comments
 (0)