* [PATCH] btrfs-progs: Fix null pointer deref in balance_level
From: Nikolay Borisov @ 2021-04-06 13:55 UTC
To: linux-btrfs; +Cc: Nikolay Borisov

In case the right buffer is emptied it's first set to null and subsequently it's dereferenced to get its size to pass to root_sub_used. This naturally leads to a null pointer dereference. The correct thing to do is to pass the stashed right->len in "blocksize".

Fixes #296

Signed-off-by: Nikolay Borisov <nborisov@suse.com>

--- kernel-shared/ctree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel-shared/ctree.c b/kernel-shared/ctree.c index 4cc3aebc1412..3a82286cc914 100644 --- a/kernel-shared/ctree.c +++ b/kernel-shared/ctree.c @@ -927,7 +927,7 @@ static int balance_level(struct btrfs_trans_handle *trans, if (wret) ret = wret; - root_sub_used(root, right->len); + root_sub_used(root, blocksize); wret = btrfs_free_extent(trans, root, bytenr, blocksize, 0, root->root_key.objectid, -- 2.25.1
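Review bot: the new call `root_sub_used(root, blocksize)` depends on `blocksize` having been assigned from `right->len` before `right` is cleared, and that assignment is outside the visible context of this hunk. The `btrfs_free_extent(trans, root, bytenr, blocksize, ...)` call that follows already uses the same stashed values, which supports the change. It is still worth confirming that every path reaching this line has set `blocksize` first, and saying in the commit message where `right` becomes NULL so the ordering is clear to later readers. A regression test reproducing issue #296 would also help keep the dereference from coming back.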
* Re: [PATCH] btrfs-progs: Fix null pointer deref in balance_level
From: Josef Bacik @ 2021-04-08 18:17 UTC
To: Nikolay Borisov, linux-btrfs

On 4/6/21 9:55 AM, Nikolay Borisov wrote:
> In case the right buffer is emptied it's first set to null and
> subsequently it's dereferenced to get its size to pass to root_sub_used.
> This naturally leads to a null pointer dereference. The correct thing
> to do is to pass the stashed right->len in "blocksize".
>
> Fixes #296
>
> Signed-off-by: Nikolay Borisov <nborisov@suse.com>

Reviewed-by: Josef Bacik <josef@toxicpanda.com>

Thanks,

Josef
* Re: [PATCH] btrfs-progs: Fix null pointer deref in balance_level
From: David Sterba @ 2021-04-16 18:18 UTC
To: Nikolay Borisov; +Cc: linux-btrfs

On Tue, Apr 06, 2021 at 04:55:03PM +0300, Nikolay Borisov wrote:
> In case the right buffer is emptied it's first set to null and
> subsequently it's dereferenced to get its size to pass to root_sub_used.
> This naturally leads to a null pointer dereference. The correct thing
> to do is to pass the stashed right->len in "blocksize".
>
> Fixes #296

I'm using the "Issue: #123" format for that.

> Signed-off-by: Nikolay Borisov <nborisov@suse.com>

Added to devel, thanks.