From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from userp1050.oracle.com ([156.151.31.82]:23992 "EHLO userp1050.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753134AbdARMaP (ORCPT ); Wed, 18 Jan 2017 07:30:15 -0500 Date: Wed, 18 Jan 2017 14:13:20 +0300 From: Dan Carpenter To: Al Viro , Andrew Morton Cc: Jan Kara , Miklos Szeredi , Bob Copeland , Boaz Harrosh , Deepa Dinamani , Viacheslav Dubeyko , linux-fsdevel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [patch resend] hfs: fix fix hfs_readdir() Message-ID: <20170118111320.GA23725@mwanda> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1484606094.27533.35.camel@dubeyko.com> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: I was looking through static analysis warnings and there is a bug here that goes all the way back to the start of git. Basically we're copying the pointer and nearby garbage instead of the data the fd.key pointer is pointing to. Signed-off-by: Dan Carpenter --- I sent this a year ago, and we had a thread about it, but in the end decided that the original patch was correct. Not tested. diff --git a/fs/hfs/dir.c b/fs/hfs/dir.c index 5de5c48..75b2542 100644 --- a/fs/hfs/dir.c +++ b/fs/hfs/dir.c @@ -169,7 +169,7 @@ static int hfs_readdir(struct file *file, struct dir_context *ctx) * Can be done after the list insertion; exclusion with * hfs_delete_cat() is provided by directory lock. */ - memcpy(&rd->key, &fd.key, sizeof(struct hfs_cat_key)); + memcpy(&rd->key, &fd.key->cat, sizeof(struct hfs_cat_key)); out: hfs_find_exit(&fd); return err;
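Review bot: In the changed memcpy() in hfs_readdir(), the source now points at the key data (&fd.key->cat), but the length is still spelled out as sizeof(struct hfs_cat_key), independent of both operands. Consider sizeof(rd->key) so the copy length follows the destination, provided rd->key is declared as struct hfs_cat_key, which the hunk does not show. The changelog should also name the static-analysis warning and state the declared type of fd.key, because the whole fix rests on fd.key being a pointer rather than an embedded key. Since the note under the --- says the patch is untested, a readdir run against an HFS image that checks the contents of rd->key afterwards would be worth doing before this is merged: the comment in the hunk context says hfs_delete_cat() relies on this list entry.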