From: Dan Carpenter <dan.carpenter@oracle.com>
To: almaz.alexandrovich@paragon-software.com
Cc: ntfs3@lists.linux.dev
Subject: [bug report] fs/ntfs3: inconsistent NULL checking in ntfs_read_run_nb()
Date: Tue, 24 Aug 2021 14:41:36 +0300 [thread overview]
Message-ID: <20210824114136.GF31143@kili> (raw)
Hello Konstantin Komarov,
This is a semi-automatic email about new static checker warnings.
The patch 82cae269cfa9: "fs/ntfs3: Add initialization of super block"
from Aug 13, 2021, leads to the following Smatch complaint:
fs/ntfs3/fsntfs.c:1265 ntfs_read_run_nb()
error: we previously assumed 'run' could be null (see line 1195)
fs/ntfs3/fsntfs.c
1194
1195 if (!run) {
^^^^
"run" is NULL here.
1196 /* first reading of $Volume + $MFTMirr + LogFile goes here*/
1197 if (vbo > MFT_REC_VOL * sbi->record_size) {
1198 err = -ENOENT;
1199 goto out;
1200 }
1201
1202 /* use absolute boot's 'MFTCluster' to read record */
1203 lbo = vbo + sbi->mft.lbo;
1204 len = sbi->record_size;
1205 } else if (!run_lookup_entry(run, vcn, &lcn, &clen, &idx)) {
1206 err = -ENOENT;
1207 goto out;
1208 } else {
1209 if (lcn == SPARSE_LCN) {
1210 err = -EINVAL;
1211 goto out;
1212 }
1213
1214 lbo = ((u64)lcn << cluster_bits) + off;
1215 len = ((u64)clen << cluster_bits) - off;
1216 }
1217
1218 off = lbo & (blocksize - 1);
1219 if (nb) {
1220 nb->off = off;
1221 nb->bytes = bytes;
1222 }
1223
1224 for (;;) {
1225 u32 len32 = len >= bytes ? bytes : len;
1226 sector_t block = lbo >> sb->s_blocksize_bits;
1227
1228 do {
1229 u32 op = blocksize - off;
1230
1231 if (op > len32)
1232 op = len32;
1233
1234 bh = ntfs_bread(sb, block);
1235 if (!bh) {
1236 err = -EIO;
1237 goto out;
1238 }
1239
1240 if (buf) {
1241 memcpy(buf, bh->b_data + off, op);
1242 buf = Add2Ptr(buf, op);
1243 }
1244
1245 if (!nb) {
1246 put_bh(bh);
1247 } else if (nbh >= ARRAY_SIZE(nb->bh)) {
1248 err = -EINVAL;
1249 goto out;
1250 } else {
1251 nb->bh[nbh++] = bh;
1252 nb->nbufs = nbh;
1253 }
1254
1255 bytes -= op;
1256 if (!bytes)
1257 return 0;
1258 len32 -= op;
1259 block += 1;
1260 off = 0;
1261
1262 } while (len32);
1263
1264 vcn_next = vcn + clen;
1265 if (!run_get_entry(run, ++idx, &vcn, &lcn, &clen) ||
^^^
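Unchecked dereference: 'run' is passed to run_get_entry() without a NULL check, and it is still NULL if the !run branch at line 1195 was taken and bytes is larger than len.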
1266 vcn != vcn_next) {
1267 err = -ENOENT;
regards,
dan carpenter