2019-07-27 08:54:42

by Jia-Ju Bai

Subject: [PATCH] fs: btrfs: Add an assertion to warn incorrect case in insert_inline_extent()

In insert_inline_extent(), the case that compressed_size > 0
and compressed_pages = NULL cannot occur, otherwise a null-pointer
dereference may occur on line 215:
cpage = compressed_pages[i];

To warn about this incorrect case, an assertion is added.
Thanks to Qu Wenruo and David Sterba for the good advice.

Signed-off-by: Jia-Ju Bai <[email protected]>
---
fs/btrfs/inode.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1af069a9a0c7..21d6e2dcc25f 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -178,6 +178,9 @@ static int insert_inline_extent(struct btrfs_trans_handle *trans,
size_t cur_size = size;
unsigned long offset;

+ ASSERT((compressed_size > 0 && compressed_pages) ||
+ (compressed_size == 0 && !compressed_pages))
+
if (compressed_size && compressed_pages)
cur_size = compressed_size;

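Review bot: The ASSERT statement has no terminating semicolon. Its second added line ends with `!compressed_pages))` and the next statement is `if (compressed_size && compressed_pages)`, so the expression runs straight into the `if` and the file will not build. Add `;` after the closing parenthesis and compile-test fs/btrfs/inode.c before resending.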
--
2.17.0



2019-07-27 09:18:41

by Qu Wenruo

Subject: Re: [PATCH] fs: btrfs: Add an assertion to warn incorrect case in insert_inline_extent()



On 2019/7/27 4:51 PM, Jia-Ju Bai wrote:
> In insert_inline_extent(), the case that compressed_size > 0
> and compressed_pages = NULL cannot occur, otherwise a null-pointer
> dereference may occur on line 215:
> cpage = compressed_pages[i];
>
> To warn about this incorrect case, an assertion is added.
> Thanks to Qu Wenruo and David Sterba for the good advice.
>
> Signed-off-by: Jia-Ju Bai <[email protected]>

Reviewed-by: Qu Wenruo <[email protected]>

Thanks,
Qu

> ---
> fs/btrfs/inode.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
> index 1af069a9a0c7..21d6e2dcc25f 100644
> --- a/fs/btrfs/inode.c
> +++ b/fs/btrfs/inode.c
> @@ -178,6 +178,9 @@ static int insert_inline_extent(struct btrfs_trans_handle *trans,
> size_t cur_size = size;
> unsigned long offset;
>
> + ASSERT((compressed_size > 0 && compressed_pages) ||
> + (compressed_size == 0 && !compressed_pages))
> +
> if (compressed_size && compressed_pages)
> cur_size = compressed_size;
>
>
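Review bot: The added ASSERT is stricter than the commit message says. The message names only compressed_size > 0 with compressed_pages == NULL, but the second arm, `(compressed_size == 0 && !compressed_pages)`, also makes the assertion fire when compressed_size is 0 and compressed_pages is non-NULL. If that combination is also meant to be invalid, state it in the commit message or in a short comment above the ASSERT so the invariant is documented where it is enforced.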



2019-07-30 16:51:35

by David Sterba

Subject: Re: [PATCH] fs: btrfs: Add an assertion to warn incorrect case in insert_inline_extent()

On Sat, Jul 27, 2019 at 04:51:13PM +0800, Jia-Ju Bai wrote:
> In insert_inline_extent(), the case that compressed_size > 0
> and compressed_pages = NULL cannot occur, otherwise a null-pointer
> dereference may occur on line 215:
> cpage = compressed_pages[i];
>
> To warn about this incorrect case, an assertion is added.
> Thanks to Qu Wenruo and David Sterba for the good advice.
>
> Signed-off-by: Jia-Ju Bai <[email protected]>
> ---
> fs/btrfs/inode.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
> index 1af069a9a0c7..21d6e2dcc25f 100644
> --- a/fs/btrfs/inode.c
> +++ b/fs/btrfs/inode.c
> @@ -178,6 +178,9 @@ static int insert_inline_extent(struct btrfs_trans_handle *trans,
> size_t cur_size = size;
> unsigned long offset;
>
> + ASSERT((compressed_size > 0 && compressed_pages) ||
> + (compressed_size == 0 && !compressed_pages))
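Review bot: An assertion at this point records the invariant but does not by itself remove the dereference the commit message cites (`cpage = compressed_pages[i];`). In any build where ASSERT is compiled out, a caller passing compressed_size > 0 with NULL compressed_pages would still reach that line. The commit message should say whether the change is meant as an annotation for static checkers and debug builds or as runtime protection, since only the former is what these two lines provide.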

Thanks. I expect that the static checking tools can be instructed to
understand that the condition has been checked and is not missing in the
code below. ASSERT is conditionally a BUG() wrapper, otherwise a no-op.

Btw, it's also good to check that the code compiles, the statement is
missing a semicolon.