fscache: bug report: dereferencing before checking

fscache: bug report: dereferencing before checking

[Dan Carpenter]

Can "page" be NULL here?

fs/fscache/page.c +712
   705          page = results[0];
   706          _debug("gang %d [%lx]", n, page->index);
                                           ^^^^^^^^^^^
	dereference

   707          if (page->index > op->store_limit) {
                    ^^^^^^^^^^^
	dereference

   708                  fscache_stat(&fscache_n_store_pages_over_limit);
   709                  goto superseded;
   710          }
   711
   712          if (page) {

	check

   713                  radix_tree_tag_set(&cookie->stores, page->index,
   714                                     FSCACHE_COOKIE_STORING_TAG);
   715                  radix_tree_tag_clear(&cookie->stores, page->index,
   716                                       FSCACHE_COOKIE_PENDING_TAG);
   717          }
   718
   719          spin_unlock(&cookie->stores_lock);
   720          spin_unlock(&object->lock);
   721
   722          if (page) {

	check

   723                  fscache_set_op_state(&op->op, "Store");

regards,
dan carpenter

Re: fscache: bug report: dereferencing before checking

[David Howells]

Dan Carpenter <error27@gmail.com> wrote:

> Can "page" be NULL here?

Hmmm...  Interesting question.  I'm not sure it can be NULL.

radix_tree_gang_lookup_tag() finds pages in the tree that have a particular
tag set, and returns the number of pages it has selected.  If that number is
!= 1, then I don't proceed with accessing the array.

So I think the tests of page later are unnecessary.

David