Date: Fri, 16 Apr 2004 14:58:20 -0700 (PDT)
From: Linus Torvalds <torvalds@osdl.org>
To: Dave Jones <davej@redhat.com>
cc: Linux Kernel <linux-kernel@vger.kernel.org>,
       bfennema@falcon.csc.calpoly.edu
Subject: Re: Fix UDF-FS potentially dereferencing null
In-Reply-To: <20040416214104.GT20937@redhat.com>
Message-ID: <Pine.LNX.4.58.0404161456140.3947@ppc970.osdl.org>
References: <20040416214104.GT20937@redhat.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1434
Lines: 45


Again, "dir" cannot be NULL here, that would be a much more fundamental 
bug and just impossible (the way we get to this thing is to follow the 
directory operations - which we find by looking at "dir").

Maybe we could tell the compiler that "dir" is safe to dereference some 
way? Or add a 'sparse' annotation about safe pointers?

I'd rather just remove the bogus check for a NULL dir pointer..

		Linus

On Fri, 16 Apr 2004, Dave Jones wrote:
>
> Move size instantiation after null check for 'dir', nearer
> to where its first used.
> 
> 		Dave
> 
> --- linux-2.6.5/fs/udf/namei.c~	2004-04-16 22:38:28.000000000 +0100
> +++ linux-2.6.5/fs/udf/namei.c	2004-04-16 22:39:25.000000000 +0100
> @@ -159,7 +159,7 @@
>  	char *nameptr;
>  	uint8_t lfi;
>  	uint16_t liu;
> -	loff_t size = (udf_ext0_offset(dir) + dir->i_size) >> 2;
> +	loff_t size;
>  	lb_addr bloc, eloc;
>  	uint32_t extoffset, elen, offset;
>  	struct buffer_head *bh = NULL;
> @@ -202,6 +202,8 @@
>  		return NULL;
>  	}
>  
> +	size = (udf_ext0_offset(dir) + dir->i_size) >> 2;
> +
>  	while ( (f_pos < size) )
>  	{
>  		fi = udf_fileident_read(dir, &f_pos, fibh, cfi, &bloc, &extoffset, &eloc, &elen, &offset, &bh);
> 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/