Message ID | 20171104172218.79017-1-artem.blagodarenko@gmail.com |
---|---|
State | Accepted, archived |
Series | [v2] e2fsck: Fix access after free for dx_db structure |
On Nov 4, 2017, at 11:22 AM, Artem Blagodarenko <artem.blagodarenko@gmail.com> wrote:
>
> dx_db structure is freed after fixing of PR_2_HTREE_BAD_ROOT
> problem. Next code block uses this structure to understand if leaf
> is being processed.
>
> If dx_db is freed, then root block is being processed and if_leaf
> needs to be set to 0.
>
> Signed-off-by: Artem Blagodarenko <artem.blagodarenko@gmail.com>

Reviewed-by: Andreas Dilger <adilger@dilger.ca>

> --- > e2fsck/pass2.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/e2fsck/pass2.c b/e2fsck/pass2.c > index 09c16179..1b0504c8 100644 > --- a/e2fsck/pass2.c > +++ b/e2fsck/pass2.c > @@ -1095,7 +1095,7 @@ inline_read_fail: > fix_problem(ctx, PR_2_HTREE_BAD_ROOT, &cd->pctx)) { > clear_htree(ctx, ino); > dx_dir->numblocks = 0; > - dx_db = 0; > + dx_db = NULL; > } > dx_dir->hashversion = root->hash_version; > if ((dx_dir->hashversion <= EXT2_HASH_TEA) && > @@ -1107,9 +1107,10 @@ inline_read_fail: > (ext2fs_dirent_name_len(dirent) == 0) && > (ext2fs_le16_to_cpu(limit->limit) == > ((fs->blocksize - (8 + dx_csum_size)) / > - sizeof(struct ext2_dx_entry)))) > + sizeof(struct ext2_dx_entry)))) { > dx_db->type = DX_DIRBLOCK_NODE; > - is_leaf = (dx_db->type == DX_DIRBLOCK_LEAF); > + } > + is_leaf = dx_db ? (dx_db->type == DX_DIRBLOCK_LEAF) : 0; > } > out_htree: > > -- > 2.13.5 (Apple Git-94) >

Cheers, Andreas
On Sun, Nov 05, 2017 at 10:49:55PM -0700, Andreas Dilger wrote:
> On Nov 4, 2017, at 11:22 AM, Artem Blagodarenko <artem.blagodarenko@gmail.com> wrote:
> >
> > dx_db structure is freed after fixing of PR_2_HTREE_BAD_ROOT
> > problem. Next code block uses this structure to understand if leaf
> > is being processed.
> >
> > If dx_db is freed, then root block is being processed and if_leaf
> > needs to be set to 0.
> >
> > Signed-off-by: Artem Blagodarenko <artem.blagodarenko@gmail.com>
>
> Reviewed-by: Andreas Dilger <adilger@dilger.ca>

Thanks, applied.

- Ted
diff --git a/e2fsck/pass2.c b/e2fsck/pass2.c index 09c16179..1b0504c8 100644 --- a/e2fsck/pass2.c +++ b/e2fsck/pass2.c @@ -1095,7 +1095,7 @@ inline_read_fail: fix_problem(ctx, PR_2_HTREE_BAD_ROOT, &cd->pctx)) { clear_htree(ctx, ino); dx_dir->numblocks = 0; - dx_db = 0; + dx_db = NULL; } dx_dir->hashversion = root->hash_version; if ((dx_dir->hashversion <= EXT2_HASH_TEA) && @@ -1107,9 +1107,10 @@ inline_read_fail: (ext2fs_dirent_name_len(dirent) == 0) && (ext2fs_le16_to_cpu(limit->limit) == ((fs->blocksize - (8 + dx_csum_size)) / - sizeof(struct ext2_dx_entry)))) + sizeof(struct ext2_dx_entry)))) { dx_db->type = DX_DIRBLOCK_NODE; - is_leaf = (dx_db->type == DX_DIRBLOCK_LEAF); + } + is_leaf = dx_db ? (dx_db->type == DX_DIRBLOCK_LEAF) : 0; } out_htree:
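Review bot: in the first hunk (@@ -1095), the `dx_db = 0` to `dx_db = NULL` change is cosmetic, and the visible lines show no free of dx_db, only `clear_htree(ctx, ino)` followed by the pointer being cleared. As far as the diff shows, the fault the second hunk guards against is a NULL pointer dereference rather than an access after free, so the subject and commit message should say so, which matters to anyone triaging an e2fsck pass 2 crash from the log. The message also refers to `if_leaf` where the variable in the code is `is_leaf`, and the style change deserves a mention there or its own patch.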
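Review bot: in the second hunk (@@ -1107), `dx_db->type = DX_DIRBLOCK_NODE;` is still an unguarded dereference; only the `is_leaf` read gets the NULL check. The start of that condition lies outside the hunk context, so please confirm, or state in the commit message, that this branch cannot be taken on the path where the first hunk sets `dx_db = NULL`. If it can, the condition needs a `dx_db &&` term as well. The ternary could also be written more simply as `is_leaf = dx_db && (dx_db->type == DX_DIRBLOCK_LEAF);`.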
dx_db structure is freed after fixing of PR_2_HTREE_BAD_ROOT
problem. Next code block uses this structure to understand if leaf
is being processed.

If dx_db is freed, then root block is being processed and if_leaf
needs to be set to 0.

Signed-off-by: Artem Blagodarenko <artem.blagodarenko@gmail.com>
---
 e2fsck/pass2.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)