[PATCH v2] btrfs-progs: receive: fix a segfault that free() an err value

public inbox for linux-btrfs@vger.kernel.org
 help / color / mirror / Atom feed

From: Wang Yugui <wangyugui@e16-tech.com>
To: linux-btrfs@vger.kernel.org
Cc: Wang Yugui <wangyugui@e16-tech.com>
Subject: [PATCH v2] btrfs-progs: receive: fix a segfault that free() an err value
Date: Sat,  3 Sep 2022 00:13:27 +0800	[thread overview]
Message-ID: <20220902161327.45283-1-wangyugui@e16-tech.com> (raw)
In-Reply-To: <20220901083554.40166-1-wangyugui@e16-tech.com>

I noticed a segfault of 'btrfs receive'.
$ gdb
 #0  process_clone (path=0x23829d0 "after.s1.txt", offset=0, len=2097152, clone_uuid=<optimized out>,
    clone_ctransid=<optimized out>, clone_path=0x2382920 "after.s1.txt", clone_offset=0, user=0x7ffe21985ba0)
    at cmds/receive.c:793
793                     free(si->path);
(gdb) p si
$1 = (struct subvol_info *) 0xfffffffffffffffe

'si' was an ERR value. so add the check of '!IS_ERR_OR_NULL()' before 'free()'
just similar to process_snapshot().

Signed-off-by: Wang Yugui <wangyugui@e16-tech.com>
---
changes since v1:
 let the check similar to process_snapshot().

 cmds/receive.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmds/receive.c b/cmds/receive.c
index aec32458..bf476387 100644
--- a/cmds/receive.c
+++ b/cmds/receive.c
@@ -811,7 +811,7 @@ static int process_clone(const char *path, u64 offset, u64 len,
 	}
 
 out:
-	if (si) {
+	if (!IS_ERR_OR_NULL(si)) {
 		free(si->path);
 		free(si);
 	}
-- 
2.36.2

next prev parent reply	other threads:[~2022-09-02 16:17 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-01  8:35 [PATCH] btrfs-progs: receive: fix a segfault that free() an err value Wang Yugui
2022-09-01  9:13 ` Qu Wenruo
2022-09-02 16:13 ` Wang Yugui [this message]
2022-09-09 15:56   ` [PATCH v2] " David Sterba

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:aec3245 dfblob:bf47638 )
 OR (
bs:"[PATCH v2] btrfs-progs: receive: fix a segfault that free() an err value" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220902161327.45283-1-wangyugui@e16-tech.com \
    --to=wangyugui@e16-tech.com \
    --cc=linux-btrfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox