* [Ocfs2-devel] [patch] ocfs2: fix recent memory corruption bug
@ 2013-08-01 13:55 Dan Carpenter
  2013-08-01 13:58 ` Dan Carpenter
  0 siblings, 1 reply; 6+ messages in thread
From: Dan Carpenter @ 2013-08-01 13:55 UTC (permalink / raw)
  To: ocfs2-devel

The pointer math in 6fdf3af1d2 "ocfs2: fix null pointer dereference in
ocfs2_dir_foreach_blk_id()" isn't correct so it will zero out the wrong
memory.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
Static checker stuff.

diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
index c91d986..6942c22 100644
--- a/fs/ocfs2/dir.c
+++ b/fs/ocfs2/dir.c
@@ -2157,8 +2157,7 @@ int ocfs2_empty_dir(struct inode *inode)
 		.ctx.pos = 0,
 	};
 
-	memset(&priv + sizeof(struct dir_context), 0,
-	       sizeof(priv) - sizeof(struct dir_context));
+	memset(&priv.seen_dot, 0, sizeof(priv) - sizeof(struct dir_context));
 
 	if (ocfs2_dir_indexed(inode)) {
 		ret = ocfs2_empty_dir_dx(inode, &priv);
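Review bot: The new memset on the `+` line still takes its length from `sizeof(priv) - sizeof(struct dir_context)`, which matches the start address `&priv.seen_dot` only if `seen_dot` sits at exactly offset `sizeof(struct dir_context)` inside `priv`; the struct layout is not visible in this hunk. Deriving the length from the same member, for example `sizeof(priv) - offsetof(typeof(priv), seen_dot)`, keeps start and length in step if a field is ever added ahead of `seen_dot`. It is also worth checking whether the memset is needed at all: `priv` is built with a designated initializer (the `.ctx.pos = 0,` and `};` context lines), and C zero-initializes every member such an initializer does not name.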


* [Ocfs2-devel] [patch] ocfs2: fix recent memory corruption bug
  2013-08-01 13:55 [Ocfs2-devel] [patch] ocfs2: fix recent memory corruption bug Dan Carpenter
@ 2013-08-01 13:58 ` Dan Carpenter
  2013-08-01 14:02   ` [Ocfs2-devel] [patch v2] " Dan Carpenter
  0 siblings, 1 reply; 6+ messages in thread
From: Dan Carpenter @ 2013-08-01 13:58 UTC (permalink / raw)
  To: ocfs2-devel

On Thu, Aug 01, 2013 at 04:55:26PM +0300, Dan Carpenter wrote:
> The pointer math in 6fdf3af1d2 "ocfs2: fix null pointer dereference in
> ocfs2_dir_foreach_blk_id()" isn't correct so it will zero out the wrong
> memory.
> 

I sent this patch prematurely...  Really the memset is not needed
because the values are already initialized to zero.  Let me send a
v2 patch that removes the memset.

Sorry, I just wanted to fix this right away because of the memory
corruption.

regards,
dan carpenter


* [Ocfs2-devel] [patch v2] ocfs2: fix recent memory corruption bug
  2013-08-01 13:58 ` Dan Carpenter
@ 2013-08-01 14:02   ` Dan Carpenter
  2013-08-01 14:11     ` Jeff Liu
  0 siblings, 1 reply; 6+ messages in thread
From: Dan Carpenter @ 2013-08-01 14:02 UTC (permalink / raw)
  To: ocfs2-devel

The pointer math in 6fdf3af1d2 "ocfs2: fix null pointer dereference in
ocfs2_dir_foreach_blk_id()" isn't correct so it will zero out the wrong
memory.  In fact, the memset isn't needed because the initializer will
set all these values to zero.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: remove the memset

diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
index c91d986..b1748cd 100644
--- a/fs/ocfs2/dir.c
+++ b/fs/ocfs2/dir.c
@@ -2157,9 +2157,6 @@ int ocfs2_empty_dir(struct inode *inode)
 		.ctx.pos = 0,
 	};
 
-	memset(&priv + sizeof(struct dir_context), 0,
-	       sizeof(priv) - sizeof(struct dir_context));
-
 	if (ocfs2_dir_indexed(inode)) {
 		ret = ocfs2_empty_dir_dx(inode, &priv);
 		if (ret)
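Review bot: The changelog for the removed `memset(&priv + sizeof(struct dir_context), ...)` lines says the call zeroes "the wrong memory" but not where that memory is, and that is the detail a backporter needs. Because `&priv + n` advances by `n * sizeof(priv)` bytes, the write starts beyond the end of the local `priv` in ocfs2_empty_dir()'s stack frame and clears `sizeof(priv) - sizeof(struct dir_context)` bytes there. Stating that in the commit message would help anyone deciding whether a tree carrying 6fdf3af1d2 needs this fix.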


* [Ocfs2-devel] [patch v2] ocfs2: fix recent memory corruption bug
  2013-08-01 14:02   ` [Ocfs2-devel] [patch v2] " Dan Carpenter
@ 2013-08-01 14:11     ` Jeff Liu
  2013-08-01 15:36       ` [Ocfs2-devel] [patch v3] ocfs2: " Dan Carpenter
  0 siblings, 1 reply; 6+ messages in thread
From: Jeff Liu @ 2013-08-01 14:11 UTC (permalink / raw)
  To: ocfs2-devel

On 08/01/2013 10:02 PM, Dan Carpenter wrote:

> The pointer math in 6fdf3af1d2 "ocfs2: fix null pointer dereference in
> ocfs2_dir_foreach_blk_id()" isn't correct so it will zero out the wrong
> memory.  In fact, the memset isn't needed because the initializer will
> set all these values to zero.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: remove the memset
> 
> diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
> index c91d986..b1748cd 100644
> --- a/fs/ocfs2/dir.c
> +++ b/fs/ocfs2/dir.c
> @@ -2157,9 +2157,6 @@ int ocfs2_empty_dir(struct inode *inode)
>  		.ctx.pos = 0,

Umm, so above line could be removed as well.

Thanks,
-Jeff

>  	};
>  
> -	memset(&priv + sizeof(struct dir_context), 0,
> -	       sizeof(priv) - sizeof(struct dir_context));
> -
>  	if (ocfs2_dir_indexed(inode)) {
>  		ret = ocfs2_empty_dir_dx(inode, &priv);
>  		if (ret)


* [Ocfs2-devel] [patch v3] ocfs2: ocfs2: fix recent memory corruption bug
  2013-08-01 14:11     ` Jeff Liu
@ 2013-08-01 15:36       ` Dan Carpenter
  2013-08-02  1:39         ` Jeff Liu
  0 siblings, 1 reply; 6+ messages in thread
From: Dan Carpenter @ 2013-08-01 15:36 UTC (permalink / raw)
  To: ocfs2-devel

The pointer math in 6fdf3af1d2 "ocfs2: fix null pointer dereference in
ocfs2_dir_foreach_blk_id()" isn't correct so it will zero out the wrong
memory.  In fact, the memset isn't needed because the initializer will
set all these values to zero.

This patch also removes the "ctx.pos = 0" initialization because that
will be zeroed automatically as well.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: remove the memset
v3: remove the ctx.pos = 0.

diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
index c91d986..30544ce 100644
--- a/fs/ocfs2/dir.c
+++ b/fs/ocfs2/dir.c
@@ -2154,12 +2154,8 @@ int ocfs2_empty_dir(struct inode *inode)
 	int ret;
 	struct ocfs2_empty_dir_priv priv = {
 		.ctx.actor = ocfs2_empty_dir_filldir,
-		.ctx.pos = 0,
 	};
 
-	memset(&priv + sizeof(struct dir_context), 0,
-	       sizeof(priv) - sizeof(struct dir_context));
-
 	if (ocfs2_dir_indexed(inode)) {
 		ret = ocfs2_empty_dir_dx(inode, &priv);
 		if (ret)
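Review bot: After this hunk the `priv` initializer names only `.ctx.actor`, so `ctx.pos` and every remaining member of `struct ocfs2_empty_dir_priv` depend on implicit zero-initialization. C guarantees that for members, so the removal is correct, but a one-line comment above the initializer saying the remaining fields are intentionally left to it would stop a later cleanup from reintroducing an explicit clear. The subject line also carries a doubled "ocfs2: ocfs2:" prefix that should be trimmed before this is applied.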


* [Ocfs2-devel] [patch v3] ocfs2: ocfs2: fix recent memory corruption bug
  2013-08-01 15:36       ` [Ocfs2-devel] [patch v3] ocfs2: " Dan Carpenter
@ 2013-08-02  1:39         ` Jeff Liu
  0 siblings, 0 replies; 6+ messages in thread
From: Jeff Liu @ 2013-08-02  1:39 UTC (permalink / raw)
  To: ocfs2-devel

On 08/01/2013 11:36 PM, Dan Carpenter wrote:

> The pointer math in 6fdf3af1d2 "ocfs2: fix null pointer dereference in
> ocfs2_dir_foreach_blk_id()" isn't correct so it will zero out the wrong
> memory.  In fact, the memset isn't needed because the initializer will
> set all these values to zero.
> 
> This patch also removes the "ctx.pos = 0" initialization because that
> will be zeroed automatically as well.

Looks good, thank you for correcting my previous mistake.

Acked-by: Jie Liu <jeff.liu@oracle.com>

> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: remove the memset
> v3: remove the ctx.pos = 0.
> 
> diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
> index c91d986..30544ce 100644
> --- a/fs/ocfs2/dir.c
> +++ b/fs/ocfs2/dir.c
> @@ -2154,12 +2154,8 @@ int ocfs2_empty_dir(struct inode *inode)
>  	int ret;
>  	struct ocfs2_empty_dir_priv priv = {
>  		.ctx.actor = ocfs2_empty_dir_filldir,
> -		.ctx.pos = 0,
>  	};
>  
> -	memset(&priv + sizeof(struct dir_context), 0,
> -	       sizeof(priv) - sizeof(struct dir_context));
> -
>  	if (ocfs2_dir_indexed(inode)) {
>  		ret = ocfs2_empty_dir_dx(inode, &priv);
>  		if (ret)
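
The pointer-scaling mistake and the initializer behaviour discussed in this thread, as an added illustration that is not code from the thread or the kernel tree. The `_demo` struct layouts, `demo_actor` and the helper names are assumptions made for the example; offsets are computed arithmetically so no out-of-bounds pointer is ever formed.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in types with an assumed layout; not the kernel's definitions. */
struct dir_context_demo {
	int (*actor)(void *ctx, const char *name);
	long long pos;
};
struct empty_dir_priv_demo {
	struct dir_context_demo ctx;
	unsigned seen_dot, seen_dot_dot, seen_other, dx_dir;
};
#define PRIV_SZ sizeof(struct empty_dir_priv_demo)
#define CTX_SZ  sizeof(struct dir_context_demo)

static int demo_actor(void *ctx, const char *name) { (void)ctx; (void)name; return 0; }

/* Byte offset from &priv denoted by "&priv + sizeof(ctx)": arithmetic on a
 * struct pointer steps in whole structs, not bytes. */
static size_t buggy_start_offset(void) { return CTX_SZ * PRIV_SZ; }

/* Byte offset the memset was meant to start at. */
static size_t intended_start_offset(void)
{
	return offsetof(struct empty_dir_priv_demo, seen_dot);
}

/* How many of the memset's (PRIV_SZ - CTX_SZ) bytes fall outside priv. */
static size_t bytes_outside_priv(void)
{
	size_t start = buggy_start_offset(), len = PRIV_SZ - CTX_SZ;

	if (start + len <= PRIV_SZ)
		return 0;
	return start >= PRIV_SZ ? len : start + len - PRIV_SZ;
}

/* v3 form: a designated initializer alone zeroes every unnamed member. */
static int initializer_zeroes_rest(void)
{
	struct empty_dir_priv_demo priv = { .ctx.actor = demo_actor };

	return priv.ctx.actor == demo_actor && priv.ctx.pos == 0 &&
	       priv.seen_dot == 0 && priv.seen_dot_dot == 0 &&
	       priv.seen_other == 0 && priv.dx_dir == 0;
}

int main(void)
{
	printf("intended offset %zu, buggy offset %zu, stray bytes %zu, zeroed %d\n",
	       intended_start_offset(), buggy_start_offset(),
	       bytes_outside_priv(), initializer_zeroes_rest());
	return 0;
}
```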
