linux-btrfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Dan Carpenter <error27@gmail.com>
To: zheng.yan@oracle.com
Cc: linux-btrfs@vger.kernel.org
Subject: potential null derefs in fs/btrfs/relocation.c
Date: Sat, 29 May 2010 11:39:55 +0200	[thread overview]
Message-ID: <20100529093955.GA5483@bicker> (raw)

Hi hi,

Still going through some more smatch stuff and there are two potential
null dereferences in fs/btrfs/relocation.c

This was introduced by 3fd0a5585e: "Btrfs: Metadata ENOSPC handling for
balance"

fs/btrfs/relocation.c +791 build_backref_tree(142)
	warn: variable dereferenced before check 'root'
   787                  root = find_tree_root(rc, eb, ref0);
   788                  if (!root->ref_cows)
                             ^^^^^^^^^^^^^^
	dereference here.

   789                          cur->cowonly = 1;
   790                  if (key.objectid == key.offset) {
   791                          if (root && !should_ignore_root(root))
                                   ^^^^^^^^

	check here.

   792                                  cur->root = root;
   793                          else
   794                                  list_add(&cur->list, &useless);
   795                          break;
   796                  }

fs/btrfs/relocation.c +1241 __update_reloc_root(15)
	error: potential null derefence 'node'.
  1229          struct mapping_node *node = NULL;
                                    ^^^^^^^^^^^^^

  1230          struct reloc_control *rc = root->fs_info->reloc_ctl;
  1231  
  1232          spin_lock(&rc->reloc_root_tree.lock);
  1233          rb_node = tree_search(&rc->reloc_root_tree.rb_root,
  1234                                root->commit_root->start);
  1235          if (rb_node) {
  1236                  node = rb_entry(rb_node, struct mapping_node, rb_node);
  1237                  rb_erase(&node->rb_node, &rc->reloc_root_tree.rb_root);
  1238          }
  1239          spin_unlock(&rc->reloc_root_tree.lock);
  1240  
  1241          BUG_ON((struct btrfs_root *)node->data != root);
                                            ^^^^^^^^^^
	if tree_search() returns NULL it will oops here.

regards,
dan carpenter

                 reply	other threads:[~2010-05-29  9:39 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100529093955.GA5483@bicker \
    --to=error27@gmail.com \
    --cc=linux-btrfs@vger.kernel.org \
    --cc=zheng.yan@oracle.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).