All of lore.kernel.org
 help / color / mirror / Atom feed
From: Dan Carpenter <error27@gmail.com>
To: Josef Bacik <josef@redhat.com>
Cc: linux-btrfs@vger.kernel.org
Subject: dereferencing freed variable in "add basic DIO read/write support"
Date: Fri, 28 May 2010 12:33:59 +0200	[thread overview]
Message-ID: <20100528103359.GW22515@bicker> (raw)

Hello,

Smatch complains about a possible freed pointer deref introduced by:
4b46fce2334 "Btrfs: add basic DIO read/write support".  Could you take a
look?

fs/btrfs/inode.c +5716 btrfs_submit_direct(79)
  5705  out_err:
  5706          kfree(dip->csums);
  5707          kfree(dip);
                ^^^^^^^^^^^

	dip is freed here.

  5708  free_ordered:
  5709          /*
  5710           * If this is a write, we need to clean up the reserved space and kill
  5711           * the ordered extent.
  5712           */
  5713          if (write) {
  5714                  struct btrfs_ordered_extent *ordered;
  5715                  ordered = btrfs_lookup_ordered_extent(inode,
  5716				dip->logical_offset);
                                ^^^^^^^^^^^^^^^^^^^

	dereferenced here.  Actually, dip could also be null here if the
	kmalloc failed()


regards,
dan carpenter

             reply	other threads:[~2010-05-28 10:33 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-05-28 10:33 Dan Carpenter [this message]
2010-05-28 12:54 ` dereferencing freed variable in "add basic DIO read/write support" Chris Mason

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100528103359.GW22515@bicker \
    --to=error27@gmail.com \
    --cc=josef@redhat.com \
    --cc=linux-btrfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.