[PATCH 1/1] fs: fat: avoid NULL dereference when root dir is full

[PATCH 1/1] fs: fat: avoid NULL dereference when root dir is full

[Heinrich Schuchardt]

When trying to create a file in the full root directory of a FAT32
filesystem a NULL dereference can be observed.

When the root directory of a FAT16 filesystem is full fill_dir_slot() must
return -1 to signal that a new directory entry could not be allocated.

Fixes: cd2d727fff7e ("fs: fat: allocate a new cluster for root directory of fat32")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 fs/fat/fat_write.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/fs/fat/fat_write.c b/fs/fat/fat_write.c
index a2682b5f46..fc932df953 100644
--- a/fs/fat/fat_write.c
+++ b/fs/fat/fat_write.c
@@ -260,9 +260,8 @@ fill_dir_slot(fat_itr *itr, const char *l_name)
 			flush_dir(itr);

 		/* allocate a cluster for more entries */
-		if (!fat_itr_next(itr))
-			if (!itr->dent &&
-			    (!itr->is_root || itr->fsdata->fatsize == 32) &&
+		if (!fat_itr_next(itr) && !itr->dent)
+			if ((itr->is_root && itr->fsdata->fatsize != 32) ||
 			    new_dir_table(itr))
 				return -1;
 	}
--
2.28.0

[PATCH 1/1] fs: fat: avoid NULL dereference when root dir is full

[Simon Glass]

On Thu, 19 Nov 2020 at 05:42, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:
>
> When trying to create a file in the full root directory of a FAT32
> filesystem a NULL dereference can be observed.
>
> When the root directory of a FAT16 filesystem is full fill_dir_slot() must
> return -1 to signal that a new directory entry could not be allocated.
>
> Fixes: cd2d727fff7e ("fs: fat: allocate a new cluster for root directory of fat32")
> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
> ---
>  fs/fat/fat_write.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>