Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Subject: Re: [PATCH] fs: btrfs: Fix a possible null-pointer dereference in
 insert_inline_extent()
To:     Qu Wenruo <quwenruo.btrfs@gmx.com>, clm@fb.com,
        josef@toxicpanda.com, dsterba@suse.com
Cc:     linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org
References: <20190724021132.27378-1-baijiaju1990@gmail.com>
 <df4b5d21-0983-3ca2-44de-ea9f1616df7f@gmx.com>
From:   Jia-Ju Bai <baijiaju1990@gmail.com>
Message-ID: <800ae777-928f-2969-d4dd-6f358a039e48@gmail.com>
Date:   Wed, 24 Jul 2019 10:33:51 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <df4b5d21-0983-3ca2-44de-ea9f1616df7f@gmx.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk


On 2019/7/24 10:21, Qu Wenruo wrote:
>
> On 2019/7/24 上午10:11, Jia-Ju Bai wrote:
>> In insert_inline_extent(), there is an if statement on line 181 to check
>> whether compressed_pages is NULL:
>>      if (compressed_size && compressed_pages)
>>
>> When compressed_pages is NULL, compressed_pages is used on line 215:
>>      cpage = compressed_pages[i];
>>
>> Thus, a possible null-pointer dereference may occur.
>>
>> To fix this possible bug, compressed_pages is checked on line 214.
> This can only be hit with compressed_size > 0 and compressed_pages != NULL.
>
> It would be better to have an extra ASSERT() to warn developers about
> the impossible case.

Thanks for the reply :)
So I should add ASSERT(compressed_size > 0 & compressed_pages) at the 
beginning of the function, and remove "if (compressed_size && 
compressed_pages)"?


Best wishes,
Jia-Ju Bai