Patchwork [06/25] libext2fs: Potential null ptr deref in undo_err_handler_init

login
register
mail settings
Submitter Eric Sandeen
Date Sept. 16, 2011, 8:49 p.m.
Message ID <1316206180-6375-7-git-send-email-sandeen@redhat.com>
Download mbox | patch
Permalink /patch/115053/
State Accepted
Headers show

Comments

Eric Sandeen - Sept. 16, 2011, 8:49 p.m.
In the !undo_io_backing_manager case, undo_err_handler_init
will be passed a null data->real, which will be dereferenced.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
---
 lib/ext2fs/undo_io.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
Theodore Ts'o - Sept. 16, 2011, 10:53 p.m.
On Fri, Sep 16, 2011 at 03:49:21PM -0500, Eric Sandeen wrote:
> In the !undo_io_backing_manager case, undo_err_handler_init
> will be passed a null data->real, which will be dereferenced.
> 
> Signed-off-by: Eric Sandeen <sandeen@redhat.com>

Applied, thanks.

				- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/lib/ext2fs/undo_io.c b/lib/ext2fs/undo_io.c
index 454f3b6..da1cf45 100644
--- a/lib/ext2fs/undo_io.c
+++ b/lib/ext2fs/undo_io.c
@@ -400,7 +400,8 @@  static errcode_t undo_open(const char *name, int flags, io_channel *channel)
 	 * setup err handler for read so that we know
 	 * when the backing manager fails do short read
 	 */
-	undo_err_handler_init(data->real);
+	if (data->real)
+		undo_err_handler_init(data->real);
 
 	*channel = io;
 	return 0;