Message-ID: <54F61641.1010708@redhat.com>
Date: Tue, 03 Mar 2015 14:14:57 -0600
From: Eric Sandeen
Subject: [PATCH] xfs: don't release NULL pip in xfs_filestream_lookup_ag()
To: xfs-oss
Cc: Adrien Nader

If xfs_filestream_get_parent() fails, we have a null pip, goto out, and attempt to IRELE(NULL). This causes a null pointer dereference and BUG().

Fix this by testing for pip before trying to release it.

Reported-by: Adrien Nader
Signed-off-by: Eric Sandeen
---
diff --git a/fs/xfs/xfs_filestream.c b/fs/xfs/xfs_filestream.c index a2e86e8..fb09a63 100644 --- a/fs/xfs/xfs_filestream.c +++ b/fs/xfs/xfs_filestream.c @@ -348,7 +348,8 @@ xfs_filestream_lookup_ag( if (xfs_filestream_pick_ag(pip, startag, &ag, 0, 0)) ag = NULLAGNUMBER; out: - IRELE(pip); + if (pip) + IRELE(pip); return ag; }
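Review bot: the new `if (pip)` test sits at the shared `out:` label, so every exit path now tolerates a NULL pip, while the commit message names only one path that arrives there without a parent (xfs_filestream_get_parent() failing). Consider having that failure path skip the release on its own, for example through a second label placed after `IRELE(pip);`, so the remaining `goto out` callers keep the invariant that pip is valid and a future NULL on another path is not silently absorbed. The visible lines assign `ag = NULLAGNUMBER` only when xfs_filestream_pick_ag() fails, so it is also worth confirming that `ag` already holds the intended value when the early `goto out` is taken, since `return ag;` follows directly. Because the unpatched code ends in a NULL pointer dereference and BUG(), a Fixes: tag or a stable Cc in the commit message would help backporters; neither is present.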