Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Subject: Re: [PATCH] fs: btrfs: Fix a possible null-pointer dereference in
 insert_inline_extent()
To:     Jia-Ju Bai <baijiaju1990@gmail.com>, clm@fb.com,
        josef@toxicpanda.com, dsterba@suse.com
Cc:     linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org
References: <20190724021132.27378-1-baijiaju1990@gmail.com>
 <df4b5d21-0983-3ca2-44de-ea9f1616df7f@gmx.com>
 <800ae777-928f-2969-d4dd-6f358a039e48@gmail.com>
From:   Qu Wenruo <quwenruo.btrfs@gmx.com>
Openpgp: preference=signencrypt
Autocrypt: addr=quwenruo.btrfs@gmx.com; prefer-encrypt=mutual; keydata=
 mQENBFnVga8BCACyhFP3ExcTIuB73jDIBA/vSoYcTyysFQzPvez64TUSCv1SgXEByR7fju3o
 8RfaWuHCnkkea5luuTZMqfgTXrun2dqNVYDNOV6RIVrc4YuG20yhC1epnV55fJCThqij0MRL
 1NxPKXIlEdHvN0Kov3CtWA+R1iNN0RCeVun7rmOrrjBK573aWC5sgP7YsBOLK79H3tmUtz6b
 9Imuj0ZyEsa76Xg9PX9Hn2myKj1hfWGS+5og9Va4hrwQC8ipjXik6NKR5GDV+hOZkktU81G5
 gkQtGB9jOAYRs86QG/b7PtIlbd3+pppT0gaS+wvwMs8cuNG+Pu6KO1oC4jgdseFLu7NpABEB
 AAG0IlF1IFdlbnJ1byA8cXV3ZW5ydW8uYnRyZnNAZ214LmNvbT6JAVQEEwEIAD4CGwMFCwkI
 BwIGFQgJCgsCBBYCAwECHgECF4AWIQQt33LlpaVbqJ2qQuHCPZHzoSX+qAUCWdWCnQUJCWYC
 bgAKCRDCPZHzoSX+qAR8B/94VAsSNygx1C6dhb1u1Wp1Jr/lfO7QIOK/nf1PF0VpYjTQ2au8
 ihf/RApTna31sVjBx3jzlmpy+lDoPdXwbI3Czx1PwDbdhAAjdRbvBmwM6cUWyqD+zjVm4RTG
 rFTPi3E7828YJ71Vpda2qghOYdnC45xCcjmHh8FwReLzsV2A6FtXsvd87bq6Iw2axOHVUax2
 FGSbardMsHrya1dC2jF2R6n0uxaIc1bWGweYsq0LXvLcvjWH+zDgzYCUB0cfb+6Ib/ipSCYp
 3i8BevMsTs62MOBmKz7til6Zdz0kkqDdSNOq8LgWGLOwUTqBh71+lqN2XBpTDu1eLZaNbxSI
 ilaVuQENBFnVga8BCACqU+th4Esy/c8BnvliFAjAfpzhI1wH76FD1MJPmAhA3DnX5JDORcga
 CbPEwhLj1xlwTgpeT+QfDmGJ5B5BlrrQFZVE1fChEjiJvyiSAO4yQPkrPVYTI7Xj34FnscPj
 /IrRUUka68MlHxPtFnAHr25VIuOS41lmYKYNwPNLRz9Ik6DmeTG3WJO2BQRNvXA0pXrJH1fN
 GSsRb+pKEKHKtL1803x71zQxCwLh+zLP1iXHVM5j8gX9zqupigQR/Cel2XPS44zWcDW8r7B0
 q1eW4Jrv0x19p4P923voqn+joIAostyNTUjCeSrUdKth9jcdlam9X2DziA/DHDFfS5eq4fEv
 ABEBAAGJATwEGAEIACYWIQQt33LlpaVbqJ2qQuHCPZHzoSX+qAUCWdWBrwIbDAUJA8JnAAAK
 CRDCPZHzoSX+qA3xB/4zS8zYh3Cbm3FllKz7+RKBw/ETBibFSKedQkbJzRlZhBc+XRwF61mi
 f0SXSdqKMbM1a98fEg8H5kV6GTo62BzvynVrf/FyT+zWbIVEuuZttMk2gWLIvbmWNyrQnzPl
 mnjK4AEvZGIt1pk+3+N/CMEfAZH5Aqnp0PaoytRZ/1vtMXNgMxlfNnb96giC3KMR6U0E+siA
 4V7biIoyNoaN33t8m5FwEwd2FQDG9dAXWhG13zcm9gnk63BN3wyCQR+X5+jsfBaS4dvNzvQv
 h8Uq/YGjCoV1ofKYh3WKMY8avjq25nlrhzD/Nto9jHp8niwr21K//pXVA81R2qaXqGbql+zo
Message-ID: <1b708c0d-8ea1-3898-0340-9cbce1fc2602@gmx.com>
Date:   Wed, 24 Jul 2019 10:57:24 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <800ae777-928f-2969-d4dd-6f358a039e48@gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="8P9umWkBRMgPyJVimnHQNeO2GHHfHoECu"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--8P9umWkBRMgPyJVimnHQNeO2GHHfHoECu
Content-Type: multipart/mixed; boundary="9Chnxo7AV2HVOIDJ9jTxczmnC84KP88tt";
 protected-headers="v1"
From: Qu Wenruo <quwenruo.btrfs@gmx.com>
To: Jia-Ju Bai <baijiaju1990@gmail.com>, clm@fb.com, josef@toxicpanda.com,
 dsterba@suse.com
Cc: linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org
Message-ID: <1b708c0d-8ea1-3898-0340-9cbce1fc2602@gmx.com>
Subject: Re: [PATCH] fs: btrfs: Fix a possible null-pointer dereference in
 insert_inline_extent()
References: <20190724021132.27378-1-baijiaju1990@gmail.com>
 <df4b5d21-0983-3ca2-44de-ea9f1616df7f@gmx.com>
 <800ae777-928f-2969-d4dd-6f358a039e48@gmail.com>
In-Reply-To: <800ae777-928f-2969-d4dd-6f358a039e48@gmail.com>

--9Chnxo7AV2HVOIDJ9jTxczmnC84KP88tt
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable


On 2019/7/24 =E4=B8=8A=E5=8D=8810:33, Jia-Ju Bai wrote:
>=20
>=20
> On 2019/7/24 10:21, Qu Wenruo wrote:
>>
>> On 2019/7/24 =E4=B8=8A=E5=8D=8810:11, Jia-Ju Bai wrote:
>>> In insert_inline_extent(), there is an if statement on line 181 to ch=
eck
>>> whether compressed_pages is NULL:
>>> =C2=A0=C2=A0=C2=A0=C2=A0 if (compressed_size && compressed_pages)
>>>
>>> When compressed_pages is NULL, compressed_pages is used on line 215:
>>> =C2=A0=C2=A0=C2=A0=C2=A0 cpage =3D compressed_pages[i];
>>>
>>> Thus, a possible null-pointer dereference may occur.
>>>
>>> To fix this possible bug, compressed_pages is checked on line 214.
>> This can only be hit with compressed_size > 0 and compressed_pages !=3D=

>> NULL.
>>
>> It would be better to have an extra ASSERT() to warn developers about
>> the impossible case.
>=20
> Thanks for the reply :)
> So I should add ASSERT(compressed_size > 0 & compressed_pages) at the
> beginning of the function, and remove "if (compressed_size &&
> compressed_pages)"?

My suggestion is, ASSERT((compressed_size >0 && compressed_pages) ||
(compressed_size =3D=3D 0 && !compressed_pages))

And keeps the original checks.

Anyway, just a suggestion.

Thanks,
Qu

>=20
>=20
> Best wishes,
> Jia-Ju Bai


--9Chnxo7AV2HVOIDJ9jTxczmnC84KP88tt--

--8P9umWkBRMgPyJVimnHQNeO2GHHfHoECu
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEELd9y5aWlW6idqkLhwj2R86El/qgFAl03yRQACgkQwj2R86El
/qhQpAf/aASnQHz7PwJ0xw1veji8X3dEG3Yx9WiqBfTEasg+ubm7GUgiIFyulmvF
kTULSCf3IFHn1TNJWC6QlZ5O0QeyAKHKrbLcOBQyanNr9KhfBpxUt6AXG3KwpYWn
rOf1Iz7NoFwJKgHfyQsEkwIpupuY7IIChtyE5D52AoU8Af4XKRIW4Ll6zLiN/DKm
EFudi6f5M5MWNhdjNL2gTaQkyw8wBa2gP061m80VEWhwZdIvYDkrKtX3xucdAjM8
QaJCJpO+1zn0YjdJqHKmh8MzYVqJJ09pcyKo0pW6Q9w2yRRWQBP5zY/5mmZ75CqX
pHqI9SUZxiUlbvs9jDbi1pDgfoYqpQ==
=BUZl
-----END PGP SIGNATURE-----

--8P9umWkBRMgPyJVimnHQNeO2GHHfHoECu--