From mboxrd@z Thu Jan  1 00:00:00 1970
From: Bob Peterson <rpeterso@redhat.com>
Date: Thu, 15 Jan 2015 11:35:33 -0500 (EST)
Subject: [Cluster-devel] [fsck.gfs2 PATCH] fsck.gfs2: Fix a use-after-free
	in pass2
In-Reply-To: <1763987001.10016993.1421339702066.JavaMail.zimbra@redhat.com>
Message-ID: <241223034.10018414.1421339733794.JavaMail.zimbra@redhat.com>
List-Id: <cluster-devel.redhat.com>
To: cluster-devel.redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi,

This patch fixes a rare code path that's doing use-after-free
I spotted in pass2.

Regards,

Bob Peterson
Red Hat File Systems

Signed-off-by: Bob Peterson <rpeterso@redhat.com> 
---
diff --git a/gfs2/fsck/pass2.c b/gfs2/fsck/pass2.c
index 27b7336..4ea322a 100644
--- a/gfs2/fsck/pass2.c
+++ b/gfs2/fsck/pass2.c
@@ -1928,13 +1928,14 @@ int pass2(struct gfs2_sbd *sdp)
 			ip = fsck_load_inode(sdp, dirblk);
 			cur_blks = ip->i_di.di_blocks;
 			error = check_metatree(ip, &pass2_fxns);
-			fsck_inode_put(&ip);
 			if (error < 0) {
 				stack;
+				fsck_inode_put(&ip);
 				return error;
 			}
 			if (ip->i_di.di_blocks != cur_blks)
 				reprocess_inode(ip, "current");
+			fsck_inode_put(&ip);
 		}
 		error = check_dir(sdp, dirblk, &pass2_fxns);
 		if (skip_this_pass || fsck_abort) /* if asked to skip the rest */