2019-10-10 01:10:08

by Yizhuo Zhai

Subject: [PATCH] ocfs2:fix potential Null Ptr Dereference

Inside function o2hb_region_blocks_store(), to_o2hb_region()
could return NULL but there's no check before its dereference,
which is potentially unsafe.

Signed-off-by: Yizhuo <[email protected]>
---
fs/ocfs2/cluster/heartbeat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ocfs2/cluster/heartbeat.c b/fs/ocfs2/cluster/heartbeat.c
index a368350d4c27..93f2b540f245 100644
--- a/fs/ocfs2/cluster/heartbeat.c
+++ b/fs/ocfs2/cluster/heartbeat.c
@@ -1628,7 +1628,7 @@ static ssize_t o2hb_region_blocks_store(struct config_item *item,
unsigned long tmp;
char *p = (char *)page;

- if (reg->hr_bdev)
+ if (!reg || reg->hr_bdev)
return -EINVAL;

tmp = simple_strtoul(p, &p, 0);
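
Review bot: on the changed line `if (!reg || reg->hr_bdev)`, a NULL region and a region whose hr_bdev is already set now return the same -EINVAL, so the writer of this attribute cannot tell the two failures apart. If the NULL case is kept, test it in its own `if (!reg)` ahead of the hr_bdev test with an errno that describes it, and leave the existing `if (reg->hr_bdev)` check as it was.
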
--
2.17.1


2019-10-10 01:35:38

by Joseph Qi

Subject: Re: [PATCH] ocfs2:fix potential Null Ptr Dereference



On 19/10/10 09:07, Yizhuo wrote:
> Inside function o2hb_region_blocks_store(), to_o2hb_region()
> could return NULL but there's no check before its dereference,
> which is potentially unsafe.

As I described before, this won't happen IMHO.
configfs item is initialized after loading module, so region should
be valid here.


Thanks,
Joseph

>
> Signed-off-by: Yizhuo <[email protected]>
> ---
> fs/ocfs2/cluster/heartbeat.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/ocfs2/cluster/heartbeat.c b/fs/ocfs2/cluster/heartbeat.c
> index a368350d4c27..93f2b540f245 100644
> --- a/fs/ocfs2/cluster/heartbeat.c
> +++ b/fs/ocfs2/cluster/heartbeat.c
> @@ -1628,7 +1628,7 @@ static ssize_t o2hb_region_blocks_store(struct config_item *item,
> unsigned long tmp;
> char *p = (char *)page;
>
> - if (reg->hr_bdev)
> + if (!reg || reg->hr_bdev)
> return -EINVAL;
>
> tmp = simple_strtoul(p, &p, 0);
>
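
Review bot: the changelog asserts that to_o2hb_region() could return NULL, but neither it nor the `+ if (!reg || reg->hr_bdev)` line identifies a path on which o2hb_region_blocks_store() is called with an item that yields NULL, which is the objection raised in this reply. A resend should name that path in the commit message or drop the check. Two smaller points on the same submission: the Signed-off-by line carries only "Yizhuo" while the sender is listed as Yizhuo Zhai, and the subject is missing a space after "ocfs2:".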