* potential null derefs in fs/btrfs/relocation.c
@ 2010-05-29 9:39 Dan Carpenter
From: Dan Carpenter @ 2010-05-29 9:39 UTC (permalink / raw)
To: zheng.yan; +Cc: linux-btrfs
Hi hi,

Still going through some more smatch stuff and there are two potential
null dereferences in fs/btrfs/relocation.c

This was introduced by 3fd0a5585e: "Btrfs: Metadata ENOSPC handling for
balance"

fs/btrfs/relocation.c +791 build_backref_tree(142)
        warn: variable dereferenced before check 'root'

   787  root = find_tree_root(rc, eb, ref0);
   788  if (!root->ref_cows)
             ^^^^^^^^^^^^^^
        dereference here.
   789          cur->cowonly = 1;
   790  if (key.objectid == key.offset) {
   791          if (root && !should_ignore_root(root))
                    ^^^^^^^^
                check here.
   792                  cur->root = root;
   793          else
   794                  list_add(&cur->list, &useless);
   795          break;
   796  }

fs/btrfs/relocation.c +1241 __update_reloc_root(15)
        error: potential null derefence 'node'.

  1229  struct mapping_node *node = NULL;
                            ^^^^^^^^^^^^^
  1230  struct reloc_control *rc = root->fs_info->reloc_ctl;
  1231
  1232  spin_lock(&rc->reloc_root_tree.lock);
  1233  rb_node = tree_search(&rc->reloc_root_tree.rb_root,
  1234                        root->commit_root->start);
  1235  if (rb_node) {
  1236          node = rb_entry(rb_node, struct mapping_node, rb_node);
  1237          rb_erase(&node->rb_node, &rc->reloc_root_tree.rb_root);
  1238  }
  1239  spin_unlock(&rc->reloc_root_tree.lock);
  1240
  1241  BUG_ON((struct btrfs_root *)node->data != root);
                                    ^^^^^^^^^^
        if tree_search() returns NULL it will oops here.

regards,
dan carpenter
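
The two warning classes reported above, reduced to a stand-alone C sketch with the NULL test placed before the first dereference. This is an added example, not part of the original message and not btrfs code: the types, `lookup_root()`, `classify()` and `owner_matches()` are hypothetical stand-ins, and treating a failed lookup as "useless" is an assumption modelled on the else branch at line 793.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not the btrfs definitions. */
struct root { int ref_cows; };
struct backref { int cowonly; struct root *root; int useless; };
struct mapping { void *data; };

/* Hypothetical lookup that can fail, like find_tree_root()/tree_search(). */
static struct root *lookup_root(struct root *table, size_t n, size_t idx)
{
    return idx < n ? &table[idx] : NULL;
}

/* Pattern 1 ("dereferenced before check"): test the pointer before the
 * first use, so the check actually guards the root->ref_cows read. */
static int classify(struct backref *cur, struct root *root)
{
    if (!root) {            /* lookup failed: nothing to dereference */
        cur->useless = 1;
        return -1;
    }
    if (!root->ref_cows)
        cur->cowonly = 1;
    cur->root = root;
    return 0;
}

/* Pattern 2 ("potential null dereference"): a pointer initialised to NULL
 * and assigned only on a successful search is tested before node->data. */
static int owner_matches(const struct mapping *node, const void *owner)
{
    if (!node)
        return 0;           /* search found nothing */
    return node->data == owner;
}

int main(void)
{
    struct root roots[1] = { { 0 } };   /* constructed sample data */
    struct backref cur = { 0, NULL, 0 };
    int rc = classify(&cur, lookup_root(roots, 1, 5)); /* index 5 misses */
    printf("classify on failed lookup: %d (useless=%d)\n", rc, cur.useless);
    printf("owner_matches(NULL): %d\n", owner_matches(NULL, roots));
    return 0;
}
```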