Linux Btrfs filesystem development
 help / color / mirror / Atom feed
* smatch stuff: potential NULL dereference in btrfs_rm_device()
@ 2011-11-08 14:59 Dan Carpenter
  2011-11-08 15:16 ` Ilya Dryomov
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2011-11-08 14:59 UTC (permalink / raw)
  To: Yan Zheng; +Cc: linux-btrfs

Hi Yan,

Smatch complains about this code from 2008.

fs/btrfs/volumes.c +1417 btrfs_rm_device(157)
	error: we previously assumed 'fs_devices' could be null (see line 1412)

  1412                  while (fs_devices) {
                               ^^^^^^^^^^
checked here.

  1413                          if (fs_devices->seed == cur_devices)
  1414                                  break;
  1415                          fs_devices = fs_devices->seed;
  1416                  }
  1417                  fs_devices->seed = cur_devices->seed;
                        ^^^^^^^^^^^^
dereferenced here.

If we don't hit the break statement, then at the end of the loop we'd
oops.

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: smatch stuff: potential NULL dereference in btrfs_rm_device()
  2011-11-08 14:59 smatch stuff: potential NULL dereference in btrfs_rm_device() Dan Carpenter
@ 2011-11-08 15:16 ` Ilya Dryomov
  0 siblings, 0 replies; 2+ messages in thread
From: Ilya Dryomov @ 2011-11-08 15:16 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: linux-btrfs

On Tue, Nov 08, 2011 at 05:59:45PM +0300, Dan Carpenter wrote:
> Hi Yan,
> 
> Smatch complains about this code from 2008.
> 
> fs/btrfs/volumes.c +1417 btrfs_rm_device(157)
> 	error: we previously assumed 'fs_devices' could be null (see line 1412)
> 
>   1412                  while (fs_devices) {
>                                ^^^^^^^^^^
> checked here.
> 
>   1413                          if (fs_devices->seed == cur_devices)
>   1414                                  break;
>   1415                          fs_devices = fs_devices->seed;
>   1416                  }
>   1417                  fs_devices->seed = cur_devices->seed;
>                         ^^^^^^^^^^^^
> dereferenced here.
> 
> If we don't hit the break statement, then at the end of the loop we'd
> oops.

I don't think Zheng works for Oracle (and on Btrfs) any more.  I'll look
into it.

Thanks,

		Ilya

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-11-08 15:16 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-08 14:59 smatch stuff: potential NULL dereference in btrfs_rm_device() Dan Carpenter
2011-11-08 15:16 ` Ilya Dryomov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox