From: Akira Fujita <a-fujita@rs.jp.nec.com>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: linux-ext4@vger.kernel.org
Subject: Re: dereference before check in ext4_move_extents()
Date: Mon, 14 May 2012 17:30:23 +0900 [thread overview]
Message-ID: <4FB0C29F.2080403@rs.jp.nec.com> (raw)
In-Reply-To: <20120513184321.GA16541@elgon.mountain>
Hi Dan,
> fs/ext4/move_extent.c:1381 ext4_move_extents()
> warn: variable dereferenced before check 'holecheck_path' (see line 1292)
Thanks for reporting.
I tried to reproduce this with Smatch and kernel 3.4-rc7,
but another compile warning turned up.
# make CHECK="/home/KERN/smatch/smatch -p=kernel" C=1 bzImage modules
<snip>
CHECK fs/ext4/block_validity.c
CC fs/ext4/block_validity.o
CHECK fs/ext4/move_extent.c
fs/ext4/move_extent.c:696 mext_replace_branches() warn: variable dereferenced before check 'dext' (see line 686)
CC fs/ext4/move_extent.o
CHECK fs/ext4/mmp.c
I'll fix above compile warning surely, but it's not the original
you reported. Hmm, how can I reproduce yours?
Regards,
Akira Fujita
(2012/05/14 3:43), Dan Carpenter wrote:
> Hi, going through some static checker warnings and reporting bugs.
> These were introduced a long time ago.
>
> The patch 748de6736c1e: "ext4: online defrag -- Add EXT4_IOC_MOVE_EXT
> ioctl" from Jun 17, 2009, leads to the following Smatch complaint:
>
> fs/ext4/move_extent.c:1381 ext4_move_extents()
> warn: variable dereferenced before check 'holecheck_path' (see line 1292)
>
> fs/ext4/move_extent.c
> 1291 ext_prev = ext_cur;
> 1292 last_extent = mext_next_extent(orig_inode, holecheck_path,
> ^^^^^^^^^^^^^^
> Dereferenced unconditionally inside the mext_next_extent() function.
>
> 1293 &ext_cur);
> 1294 if (last_extent< 0) {
> 1295 ret1 = last_extent;
> 1296 break;
> 1297 }
>
> [snip]
>
> 1376 double_down_write_data_sem(orig_inode, donor_inode);
> 1377 if (ret1< 0)
> 1378 break;
> 1379
> 1380 /* Decrease buffer counter */
> 1381 if (holecheck_path)
> ^^^^^^^^^^^^^^
> Checked here.
>
> 1382 ext4_ext_drop_refs(holecheck_path);
> 1383 ret1 = get_ext_path(orig_inode, seq_start,&holecheck_path);
>
> regards,
> dan carpenter
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
next prev parent reply other threads:[~2012-05-14 8:31 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-13 18:43 dereference before check in ext4_move_extents() Dan Carpenter
2012-05-14 8:30 ` Akira Fujita [this message]
2012-05-14 8:51 ` Dan Carpenter
2012-05-15 2:01 ` Akira Fujita
2012-05-15 10:51 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FB0C29F.2080403@rs.jp.nec.com \
--to=a-fujita@rs.jp.nec.com \
--cc=dan.carpenter@oracle.com \
--cc=linux-ext4@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.