From: Dan Carpenter <dan.carpenter@oracle.com>
To: almaz.alexandrovich@paragon-software.com
Cc: ntfs3@lists.linux.dev
Subject: [bug report] fs/ntfs3: inconsistent NULL checks in mi_read()
Date: Wed, 25 Aug 2021 10:44:28 +0300
Message-ID: <20210825074428.GA15424@kili>

Hello Konstantin Komarov,

The patch 4342306f0f0d: "fs/ntfs3: Add file operations and
implementation" from Aug 13, 2021, leads to the following
Smatch static checker warning:

        fs/ntfs3/record.c:158 mi_read()
        warn: potential NULL parameter dereference 'mft_ni'

fs/ntfs3/record.c
    122 int mi_read(struct mft_inode *mi, bool is_mft)
    123 {
    124         int err;
    125         struct MFT_REC *rec = mi->mrec;
    126         struct ntfs_sb_info *sbi = mi->sbi;
    127         u32 bpr = sbi->record_size;
    128         u64 vbo = (u64)mi->rno << sbi->record_bits;
    129         struct ntfs_inode *mft_ni = sbi->mft.ni;
    130         struct runs_tree *run = mft_ni ? &mft_ni->file.run : NULL;
                                        ^^^^^^
Can mft_ni be NULL?

    131         struct rw_semaphore *rw_lock = NULL;
    132
    133         if (is_mounted(sbi)) {
    134                 if (!is_mft) {
    135                         rw_lock = &mft_ni->file.run_lock;
    136                         down_read(rw_lock);
    137                 }
    138         }
    139
    140         err = ntfs_read_bh(sbi, run, vbo, &rec->rhdr, bpr, &mi->nb);
    141         if (rw_lock)
    142                 up_read(rw_lock);
    143         if (!err)
    144                 goto ok;
    145
    146         if (err == -E_NTFS_FIXUP) {
    147                 mi->dirty = true;
    148                 goto ok;
    149         }
    150
    151         if (err != -ENOENT)
    152                 goto out;
    153
    154         if (rw_lock) {
    155                 ni_lock(mft_ni);
    156                 down_write(rw_lock);
    157         }
--> 158         err = attr_load_runs_vcn(mft_ni, ATTR_DATA, NULL, 0, &mft_ni->file.run,
                                         ^^^^^^
Unchecked dereference inside the function.

    159                                  vbo >> sbi->cluster_bits);
    160         if (rw_lock) {
    161                 up_write(rw_lock);
    162                 ni_unlock(mft_ni);
    163         }
    164         if (err)
    165                 goto out;
    166
    167         if (rw_lock)
    168                 down_read(rw_lock);
    169         err = ntfs_read_bh(sbi, run, vbo, &rec->rhdr, bpr, &mi->nb);
    170         if (rw_lock)
    171                 up_read(rw_lock);
    172
    173         if (err == -E_NTFS_FIXUP) {
    174                 mi->dirty = true;
    175                 goto ok;
    176         }
    177         if (err)
    178                 goto out;
    179
    180 ok:
    181         /* check field 'total' only here */
    182         if (le32_to_cpu(rec->total) != bpr) {
    183                 err = -EINVAL;
    184                 goto out;
    185         }
    186
    187         return 0;
    188
    189 out:
    190         return err;
    191 }

regards,
dan carpenter
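
A userspace C model of the inconsistency reported above, added here as an illustration; it is not part of the message and is not the ntfs3 code or its fix. The struct layouts, read_bh(), load_runs(), lock_depth, the -EINVAL return and the assumption that a missing run yields -ENOENT are all constructed for the example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-ins for the kernel types; only fields the report touches. */
struct runs_tree { int loaded; };
struct ntfs_inode { struct runs_tree run; int lock_depth; };
struct sb_info { struct ntfs_inode *mft_ni; bool mounted; };

/* Models ntfs_read_bh(): assumed to return -ENOENT when no run is available. */
static int read_bh(const struct runs_tree *run)
{
	return (run && run->loaded) ? 0 : -ENOENT;
}

/* Models attr_load_runs_vcn(): dereferences ni without checking it. */
static int load_runs(struct ntfs_inode *ni)
{
	ni->run.loaded = 1;
	return 0;
}

/* Same control flow as mi_read(), but every path that needs mft_ni tests it. */
int mi_read_guarded(struct sb_info *sbi, bool is_mft)
{
	struct ntfs_inode *ni = sbi->mft_ni;
	struct runs_tree *run = ni ? &ni->run : NULL;	/* the line-130 check */
	bool lock = sbi->mounted && !is_mft;
	int err;

	if (lock && !ni)
		return -EINVAL;		/* line 135 would take &mft_ni->file.run_lock */
	if (lock)
		ni->lock_depth++;	/* down_read() */
	err = read_bh(run);
	if (lock)
		ni->lock_depth--;	/* up_read() */
	if (err != -ENOENT)
		return err;

	if (!ni)
		return err;		/* line 158 would pass NULL to the loader */
	if (lock)
		ni->lock_depth++;	/* ni_lock() + down_write() */
	err = load_runs(ni);
	if (lock)
		ni->lock_depth--;	/* up_write() + ni_unlock() */
	return err ? err : read_bh(run);
}
```

If mft_ni can never be NULL on these paths, the consistent alternative is to drop the ternary at line 130 instead of adding guards.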