kernel-janitors.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 1/3] fs/ntfs3: Fix error code in indx_add_allocate()
@ 2021-08-24  7:49 Dan Carpenter
  2021-08-24  7:50 ` [PATCH 2/3] fs/ntfs3: Potential NULL dereference in hdr_find_split() Dan Carpenter
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Dan Carpenter @ 2021-08-24  7:49 UTC (permalink / raw)
  To: Konstantin Komarov; +Cc: ntfs3, linux-kernel, kernel-janitors

Return -EINVAL if ni_find_attr() fails.  Don't return success.

Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 fs/ntfs3/index.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index 6aa9540ece47..07d6dee0a4ba 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -1499,6 +1499,7 @@ static int indx_add_allocate(struct ntfs_index *indx, struct ntfs_inode *ni,
 	alloc = ni_find_attr(ni, NULL, NULL, ATTR_ALLOC, in->name, in->name_len,
 			     NULL, &mi);
 	if (!alloc) {
+		err = -EINVAL;
 		if (bmp)
 			goto out2;
 		goto out1;
-- 
2.20.1


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH 2/3] fs/ntfs3: Potential NULL dereference in hdr_find_split()
  2021-08-24  7:49 [PATCH 1/3] fs/ntfs3: Fix error code in indx_add_allocate() Dan Carpenter
@ 2021-08-24  7:50 ` Dan Carpenter
  2021-08-24  9:35   ` Kari Argillander
  2021-08-24  7:51 ` [PATCH 3/3] fs/ntfs3: Fix error handling in indx_insert_into_root() Dan Carpenter
  2021-08-24  9:03 ` [PATCH 1/3] fs/ntfs3: Fix error code in indx_add_allocate() Kari Argillander
  2 siblings, 1 reply; 7+ messages in thread
From: Dan Carpenter @ 2021-08-24  7:50 UTC (permalink / raw)
  To: Konstantin Komarov; +Cc: ntfs3, linux-kernel, kernel-janitors

The "e" pointer is dereferenced before it has been checked for NULL.
Move the dereference after the NULL check to prevent an Oops.

Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 fs/ntfs3/index.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index 07d6dee0a4ba..489e0fffbc75 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -556,11 +556,12 @@ static const struct NTFS_DE *hdr_find_split(const struct INDEX_HDR *hdr)
 	size_t o;
 	const struct NTFS_DE *e = hdr_first_de(hdr);
 	u32 used_2 = le32_to_cpu(hdr->used) >> 1;
-	u16 esize = le16_to_cpu(e->size);
+	u16 esize;
 
 	if (!e || de_is_last(e))
 		return NULL;
 
+	esize = le16_to_cpu(e->size);
 	for (o = le32_to_cpu(hdr->de_off) + esize; o < used_2; o += esize) {
 		const struct NTFS_DE *p = e;
 
-- 
2.20.1


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH 3/3] fs/ntfs3: Fix error handling in indx_insert_into_root()
  2021-08-24  7:49 [PATCH 1/3] fs/ntfs3: Fix error code in indx_add_allocate() Dan Carpenter
  2021-08-24  7:50 ` [PATCH 2/3] fs/ntfs3: Potential NULL dereference in hdr_find_split() Dan Carpenter
@ 2021-08-24  7:51 ` Dan Carpenter
  2021-08-24 10:22   ` Kari Argillander
  2021-08-27 17:47   ` Konstantin Komarov
  2021-08-24  9:03 ` [PATCH 1/3] fs/ntfs3: Fix error code in indx_add_allocate() Kari Argillander
  2 siblings, 2 replies; 7+ messages in thread
From: Dan Carpenter @ 2021-08-24  7:51 UTC (permalink / raw)
  To: Konstantin Komarov; +Cc: ntfs3, linux-kernel, kernel-janitors

There are three bugs in this code:
1) If indx_get_root() fails, then return -EINVAL instead of success.
2) On the "/* make root external */" -EOPNOTSUPP; error path it should
   free "re" but it has a memory leak.
3) If indx_new() fails then it will lead to an error pointer dereference
   when we call put_indx_node().

I've re-written the error handling to be more clear.

Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 fs/ntfs3/index.c | 36 ++++++++++++++++--------------------
 1 file changed, 16 insertions(+), 20 deletions(-)

diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index 489e0fffbc75..4f2d24010386 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -1554,12 +1554,12 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 	u32 root_size, new_root_size;
 	struct ntfs_sb_info *sbi;
 	int ds_root;
-	struct INDEX_ROOT *root, *a_root = NULL;
+	struct INDEX_ROOT *root, *a_root;
 
 	/* Get the record this root placed in */
 	root = indx_get_root(indx, ni, &attr, &mi);
 	if (!root)
-		goto out;
+		return -EINVAL;
 
 	/*
 	 * Try easy case:
@@ -1591,10 +1591,8 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 
 	/* Make a copy of root attribute to restore if error */
 	a_root = ntfs_memdup(attr, asize);
-	if (!a_root) {
-		err = -ENOMEM;
-		goto out;
-	}
+	if (!a_root)
+		return -ENOMEM;
 
 	/* copy all the non-end entries from the index root to the new buffer.*/
 	to_move = 0;
@@ -1604,7 +1602,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 	for (e = e0;; e = hdr_next_de(hdr, e)) {
 		if (!e) {
 			err = -EINVAL;
-			goto out;
+			goto out_free_root;
 		}
 
 		if (de_is_last(e))
@@ -1612,14 +1610,13 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 		to_move += le16_to_cpu(e->size);
 	}
 
-	n = NULL;
 	if (!to_move) {
 		re = NULL;
 	} else {
 		re = ntfs_memdup(e0, to_move);
 		if (!re) {
 			err = -ENOMEM;
-			goto out;
+			goto out_free_root;
 		}
 	}
 
@@ -1636,7 +1633,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 	if (ds_root > 0 && used + ds_root > sbi->max_bytes_per_attr) {
 		/* make root external */
 		err = -EOPNOTSUPP;
-		goto out;
+		goto out_free_re;
 	}
 
 	if (ds_root)
@@ -1666,7 +1663,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 		/* bug? */
 		ntfs_set_state(sbi, NTFS_DIRTY_ERROR);
 		err = -EINVAL;
-		goto out1;
+		goto out_free_re;
 	}
 
 	if (err) {
@@ -1677,7 +1674,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 			/* bug? */
 			ntfs_set_state(sbi, NTFS_DIRTY_ERROR);
 		}
-		goto out1;
+		goto out_free_re;
 	}
 
 	e = (struct NTFS_DE *)(root + 1);
@@ -1688,7 +1685,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 	n = indx_new(indx, ni, new_vbn, sub_vbn);
 	if (IS_ERR(n)) {
 		err = PTR_ERR(n);
-		goto out1;
+		goto out_free_re;
 	}
 
 	hdr = &n->index->ihdr;
@@ -1715,7 +1712,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 		put_indx_node(n);
 		fnd_clear(fnd);
 		err = indx_insert_entry(indx, ni, new_de, ctx, fnd);
-		goto out;
+		goto out_free_root;
 	}
 
 	/*
@@ -1725,7 +1722,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 	e = hdr_insert_de(indx, hdr, new_de, NULL, ctx);
 	if (!e) {
 		err = -EINVAL;
-		goto out1;
+		goto out_put_n;
 	}
 	fnd_push(fnd, n, e);
 
@@ -1734,12 +1731,11 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 
 	n = NULL;
 
-out1:
+out_put_n:
+	put_indx_node(n);
+out_free_re:
 	ntfs_free(re);
-	if (n)
-		put_indx_node(n);
-
-out:
+out_free_root:
 	ntfs_free(a_root);
 	return err;
 }
-- 
2.20.1


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 1/3] fs/ntfs3: Fix error code in indx_add_allocate()
  2021-08-24  7:49 [PATCH 1/3] fs/ntfs3: Fix error code in indx_add_allocate() Dan Carpenter
  2021-08-24  7:50 ` [PATCH 2/3] fs/ntfs3: Potential NULL dereference in hdr_find_split() Dan Carpenter
  2021-08-24  7:51 ` [PATCH 3/3] fs/ntfs3: Fix error handling in indx_insert_into_root() Dan Carpenter
@ 2021-08-24  9:03 ` Kari Argillander
  2 siblings, 0 replies; 7+ messages in thread
From: Kari Argillander @ 2021-08-24  9:03 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Konstantin Komarov, ntfs3, linux-kernel, kernel-janitors

On Tue, Aug 24, 2021 at 10:49:32AM +0300, Dan Carpenter wrote:
> Return -EINVAL if ni_find_attr() fails.  Don't return success.
> 
> Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Good catch. It seems it is like 50/50 if this should be -ENOENT. I
just check what we do else where where !ni_find_attr().

But either way:
Reviewed-by: Kari Argillander <kari.argillander@gmail.com>

> ---
>  fs/ntfs3/index.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
> index 6aa9540ece47..07d6dee0a4ba 100644
> --- a/fs/ntfs3/index.c
> +++ b/fs/ntfs3/index.c
> @@ -1499,6 +1499,7 @@ static int indx_add_allocate(struct ntfs_index *indx, struct ntfs_inode *ni,
>  	alloc = ni_find_attr(ni, NULL, NULL, ATTR_ALLOC, in->name, in->name_len,
>  			     NULL, &mi);
>  	if (!alloc) {
> +		err = -EINVAL;
>  		if (bmp)
>  			goto out2;
>  		goto out1;
> -- 
> 2.20.1
> 
> 

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 2/3] fs/ntfs3: Potential NULL dereference in hdr_find_split()
  2021-08-24  7:50 ` [PATCH 2/3] fs/ntfs3: Potential NULL dereference in hdr_find_split() Dan Carpenter
@ 2021-08-24  9:35   ` Kari Argillander
  0 siblings, 0 replies; 7+ messages in thread
From: Kari Argillander @ 2021-08-24  9:35 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Konstantin Komarov, ntfs3, linux-kernel, kernel-janitors

On Tue, Aug 24, 2021 at 10:50:15AM +0300, Dan Carpenter wrote:
> The "e" pointer is dereferenced before it has been checked for NULL.
> Move the dereference after the NULL check to prevent an Oops.
> 
> Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Reviewed-by: Kari Argillander <kari.argillander@gmail.com>

> ---
>  fs/ntfs3/index.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
> index 07d6dee0a4ba..489e0fffbc75 100644
> --- a/fs/ntfs3/index.c
> +++ b/fs/ntfs3/index.c
> @@ -556,11 +556,12 @@ static const struct NTFS_DE *hdr_find_split(const struct INDEX_HDR *hdr)
>  	size_t o;
>  	const struct NTFS_DE *e = hdr_first_de(hdr);
>  	u32 used_2 = le32_to_cpu(hdr->used) >> 1;
> -	u16 esize = le16_to_cpu(e->size);
> +	u16 esize;
>  
>  	if (!e || de_is_last(e))
>  		return NULL;
>  
> +	esize = le16_to_cpu(e->size);
>  	for (o = le32_to_cpu(hdr->de_off) + esize; o < used_2; o += esize) {
>  		const struct NTFS_DE *p = e;


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 3/3] fs/ntfs3: Fix error handling in indx_insert_into_root()
  2021-08-24  7:51 ` [PATCH 3/3] fs/ntfs3: Fix error handling in indx_insert_into_root() Dan Carpenter
@ 2021-08-24 10:22   ` Kari Argillander
  2021-08-27 17:47   ` Konstantin Komarov
  1 sibling, 0 replies; 7+ messages in thread
From: Kari Argillander @ 2021-08-24 10:22 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Konstantin Komarov, ntfs3, linux-kernel, kernel-janitors

On Tue, Aug 24, 2021 at 10:51:04AM +0300, Dan Carpenter wrote:
> There are three bugs in this code:
> 1) If indx_get_root() fails, then return -EINVAL instead of success.
> 2) On the "/* make root external */" -EOPNOTSUPP; error path it should
>    free "re" but it has a memory leak.
> 3) If indx_new() fails then it will lead to an error pointer dereference
>    when we call put_indx_node().
> 
> I've re-written the error handling to be more clear.
> 
> Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Minor things in comments. With or without they being made:

Reviewed-by: Kari Argillander <kari.argillander@gmail.com>

> ---
>  fs/ntfs3/index.c | 36 ++++++++++++++++--------------------
>  1 file changed, 16 insertions(+), 20 deletions(-)
> 
> diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
> index 489e0fffbc75..4f2d24010386 100644
> --- a/fs/ntfs3/index.c
> +++ b/fs/ntfs3/index.c
> @@ -1554,12 +1554,12 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,


	int err = 0;

No need to initiliaze err anymore.

>  	u32 root_size, new_root_size;
>  	struct ntfs_sb_info *sbi;
>  	int ds_root;
> -	struct INDEX_ROOT *root, *a_root = NULL;
> +	struct INDEX_ROOT *root, *a_root;
>  
>  	/* Get the record this root placed in */
>  	root = indx_get_root(indx, ni, &attr, &mi);
>  	if (!root)
> -		goto out;
> +		return -EINVAL;
>  
>  	/*
>  	 * Try easy case:
> @@ -1591,10 +1591,8 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  
>  	/* Make a copy of root attribute to restore if error */
>  	a_root = ntfs_memdup(attr, asize);
> -	if (!a_root) {
> -		err = -ENOMEM;
> -		goto out;
> -	}
> +	if (!a_root)
> +		return -ENOMEM;

a_root could be moved little further but maybe it makes sense to live
here. Not effecting your patch but I wonder if attr should be restored
in more situatations. attr is restored only in one place. But you do
not have to check any of this if not intrested. Just thinking out loud
here.

>  
>  	/* copy all the non-end entries from the index root to the new buffer.*/
>  	to_move = 0;
> @@ -1604,7 +1602,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  	for (e = e0;; e = hdr_next_de(hdr, e)) {
>  		if (!e) {
>  			err = -EINVAL;
> -			goto out;
> +			goto out_free_root;
>  		}
>  
>  		if (de_is_last(e))
> @@ -1612,14 +1610,13 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  		to_move += le16_to_cpu(e->size);
>  	}
>  
> -	n = NULL;
>  	if (!to_move) {
>  		re = NULL;
>  	} else {
>  		re = ntfs_memdup(e0, to_move);
>  		if (!re) {
>  			err = -ENOMEM;
> -			goto out;
> +			goto out_free_root;
>  		}
>  	}
>  
> @@ -1636,7 +1633,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  	if (ds_root > 0 && used + ds_root > sbi->max_bytes_per_attr) {
>  		/* make root external */
>  		err = -EOPNOTSUPP;
> -		goto out;
> +		goto out_free_re;
>  	}
>  
>  	if (ds_root)
> @@ -1666,7 +1663,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  		/* bug? */
>  		ntfs_set_state(sbi, NTFS_DIRTY_ERROR);
>  		err = -EINVAL;
> -		goto out1;
> +		goto out_free_re;
>  	}
>  
>  	if (err) {
> @@ -1677,7 +1674,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  			/* bug? */
>  			ntfs_set_state(sbi, NTFS_DIRTY_ERROR);
>  		}
> -		goto out1;
> +		goto out_free_re;
>  	}
>  
>  	e = (struct NTFS_DE *)(root + 1);
> @@ -1688,7 +1685,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  	n = indx_new(indx, ni, new_vbn, sub_vbn);
>  	if (IS_ERR(n)) {
>  		err = PTR_ERR(n);
> -		goto out1;
> +		goto out_free_re;
>  	}
>  
>  	hdr = &n->index->ihdr;
> @@ -1715,7 +1712,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,


		ntfs_free(re);

Take this off

>  		put_indx_node(n);

and this off

>  		fnd_clear(fnd);
>  		err = indx_insert_entry(indx, ni, new_de, ctx, fnd);
> -		goto out;
> +		goto out_free_root;

and call out_put_n here. Right?

>  	}
>  
>  	/*
> @@ -1725,7 +1722,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  	e = hdr_insert_de(indx, hdr, new_de, NULL, ctx);
>  	if (!e) {
>  		err = -EINVAL;
> -		goto out1;
> +		goto out_put_n;
>  	}
>  	fnd_push(fnd, n, e);
>  
> @@ -1734,12 +1731,11 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  
>  	n = NULL;
>  
> -out1:
> +out_put_n:
> +	put_indx_node(n);
> +out_free_re:
>  	ntfs_free(re);
> -	if (n)
> -		put_indx_node(n);
> -
> -out:
> +out_free_root:
>  	ntfs_free(a_root);
>  	return err;
>  }

Overall lot cleaner now. Thanks.

> -- 
> 2.20.1
> 
> 

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 3/3] fs/ntfs3: Fix error handling in indx_insert_into_root()
  2021-08-24  7:51 ` [PATCH 3/3] fs/ntfs3: Fix error handling in indx_insert_into_root() Dan Carpenter
  2021-08-24 10:22   ` Kari Argillander
@ 2021-08-27 17:47   ` Konstantin Komarov
  1 sibling, 0 replies; 7+ messages in thread
From: Konstantin Komarov @ 2021-08-27 17:47 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: ntfs3, linux-kernel, kernel-janitors



On 24.08.2021 10:51, Dan Carpenter wrote:
> There are three bugs in this code:
> 1) If indx_get_root() fails, then return -EINVAL instead of success.
> 2) On the "/* make root external */" -EOPNOTSUPP; error path it should
>    free "re" but it has a memory leak.
> 3) If indx_new() fails then it will lead to an error pointer dereference
>    when we call put_indx_node().
> 
> I've re-written the error handling to be more clear.
> 
> Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
>  fs/ntfs3/index.c | 36 ++++++++++++++++--------------------
>  1 file changed, 16 insertions(+), 20 deletions(-)
> 
> diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
> index 489e0fffbc75..4f2d24010386 100644
> --- a/fs/ntfs3/index.c
> +++ b/fs/ntfs3/index.c
> @@ -1554,12 +1554,12 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  	u32 root_size, new_root_size;
>  	struct ntfs_sb_info *sbi;
>  	int ds_root;
> -	struct INDEX_ROOT *root, *a_root = NULL;
> +	struct INDEX_ROOT *root, *a_root;
>  
>  	/* Get the record this root placed in */
>  	root = indx_get_root(indx, ni, &attr, &mi);
>  	if (!root)
> -		goto out;
> +		return -EINVAL;
>  
>  	/*
>  	 * Try easy case:
> @@ -1591,10 +1591,8 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  
>  	/* Make a copy of root attribute to restore if error */
>  	a_root = ntfs_memdup(attr, asize);
> -	if (!a_root) {
> -		err = -ENOMEM;
> -		goto out;
> -	}
> +	if (!a_root)
> +		return -ENOMEM;
>  
>  	/* copy all the non-end entries from the index root to the new buffer.*/
>  	to_move = 0;
> @@ -1604,7 +1602,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  	for (e = e0;; e = hdr_next_de(hdr, e)) {
>  		if (!e) {
>  			err = -EINVAL;
> -			goto out;
> +			goto out_free_root;
>  		}
>  
>  		if (de_is_last(e))
> @@ -1612,14 +1610,13 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  		to_move += le16_to_cpu(e->size);
>  	}
>  
> -	n = NULL;
>  	if (!to_move) {
>  		re = NULL;
>  	} else {
>  		re = ntfs_memdup(e0, to_move);
>  		if (!re) {
>  			err = -ENOMEM;
> -			goto out;
> +			goto out_free_root;
>  		}
>  	}
>  
> @@ -1636,7 +1633,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  	if (ds_root > 0 && used + ds_root > sbi->max_bytes_per_attr) {
>  		/* make root external */
>  		err = -EOPNOTSUPP;
> -		goto out;
> +		goto out_free_re;
>  	}
>  
>  	if (ds_root)
> @@ -1666,7 +1663,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  		/* bug? */
>  		ntfs_set_state(sbi, NTFS_DIRTY_ERROR);
>  		err = -EINVAL;
> -		goto out1;
> +		goto out_free_re;
>  	}
>  
>  	if (err) {
> @@ -1677,7 +1674,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  			/* bug? */
>  			ntfs_set_state(sbi, NTFS_DIRTY_ERROR);
>  		}
> -		goto out1;
> +		goto out_free_re;
>  	}
>  
>  	e = (struct NTFS_DE *)(root + 1);
> @@ -1688,7 +1685,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  	n = indx_new(indx, ni, new_vbn, sub_vbn);
>  	if (IS_ERR(n)) {
>  		err = PTR_ERR(n);
> -		goto out1;
> +		goto out_free_re;
>  	}
>  
>  	hdr = &n->index->ihdr;
> @@ -1715,7 +1712,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  		put_indx_node(n);
>  		fnd_clear(fnd);
>  		err = indx_insert_entry(indx, ni, new_de, ctx, fnd);
> -		goto out;
> +		goto out_free_root;
>  	}
>  
>  	/*
> @@ -1725,7 +1722,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  	e = hdr_insert_de(indx, hdr, new_de, NULL, ctx);
>  	if (!e) {
>  		err = -EINVAL;
> -		goto out1;
> +		goto out_put_n;
>  	}
>  	fnd_push(fnd, n, e);
>  
> @@ -1734,12 +1731,11 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
>  
>  	n = NULL;
>  
> -out1:
> +out_put_n:
> +	put_indx_node(n);
> +out_free_re:
>  	ntfs_free(re);
> -	if (n)
> -		put_indx_node(n);
> -
> -out:
> +out_free_root:
>  	ntfs_free(a_root);
>  	return err;
>  }
> 

Hi, Dan!

Applied all 3 patches, thanks!

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2021-08-27 17:47 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-24  7:49 [PATCH 1/3] fs/ntfs3: Fix error code in indx_add_allocate() Dan Carpenter
2021-08-24  7:50 ` [PATCH 2/3] fs/ntfs3: Potential NULL dereference in hdr_find_split() Dan Carpenter
2021-08-24  9:35   ` Kari Argillander
2021-08-24  7:51 ` [PATCH 3/3] fs/ntfs3: Fix error handling in indx_insert_into_root() Dan Carpenter
2021-08-24 10:22   ` Kari Argillander
2021-08-27 17:47   ` Konstantin Komarov
2021-08-24  9:03 ` [PATCH 1/3] fs/ntfs3: Fix error code in indx_add_allocate() Kari Argillander

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).