Unverified Commit aa4b92c5 authored by Danila Chernetsov's avatar Danila Chernetsov Committed by Christian Brauner
Browse files

ntfs: do not dereference a null ctx on error 



In ntfs_mft_data_extend_allocation_nolock(), if an error condition occurs
prior to 'ctx' being set to a non-NULL value, avoid dereferencing the NULL
'ctx' pointer in error handling.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: default avatarDanila Chernetsov <listdansp@mail.ru>
Reviewed-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
Signed-off-by: default avatarChristian Brauner <brauner@kernel.org>
parent 6405fee9

fs/ntfs/mft.c

+19 −17
Original line number Diff line number Diff line
@@ -1955,12 +1955,14 @@ static int ntfs_mft_data_extend_allocation_nolock(ntfs_volume *vol) 
				"attribute.%s", es);

		NVolSetErrors(vol);

	}

	a = ctx->attr;



	if (ntfs_rl_truncate_nolock(vol, &mft_ni->runlist, old_last_vcn)) {

		ntfs_error(vol->sb, "Failed to truncate mft data attribute "

				"runlist.%s", es);

		NVolSetErrors(vol);

	}

	if (ctx) {

		a = ctx->attr;

		if (mp_rebuilt && !IS_ERR(ctx->mrec)) {

			if (ntfs_mapping_pairs_build(vol, (u8 *)a + le16_to_cpu(

				a->data.non_resident.mapping_pairs_offset),
@@ -1983,8 +1985,8 @@ static int ntfs_mft_data_extend_allocation_nolock(ntfs_volume *vol) 
				"context.%s", es);

			NVolSetErrors(vol);

		}

	if (ctx)

		ntfs_attr_put_search_ctx(ctx);

	}

	if (!IS_ERR(mrec))

		unmap_mft_record(mft_ni);

	up_write(&mft_ni->runlist.lock);