| To: | Adrian Bunk <bunk@xxxxxxxxx> |
|---|---|
| Subject: | Re: fs/xfs/xfs_vnodeops.c:xfs_readdir(): NULL variable dereferenced |
| From: | David Chinner <dgc@xxxxxxx> |
| Date: | Fri, 7 Jul 2006 09:32:46 +1000 |
| Cc: | xfs-masters@xxxxxxxxxxx, xfs@xxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx |
| In-reply-to: | <20060706211320.GW26941@stusta.de> |
| References: | <20060706211320.GW26941@stusta.de> |
| Sender: | xfs-bounce@xxxxxxxxxxx |
| User-agent: | Mutt/1.4.2.1i |
On Thu, Jul 06, 2006 at 11:13:20PM +0200, Adrian Bunk wrote:
> The Coverity checker spotted the following:
>
> <-- snip -->
>
> ...
> STATIC int
> xfs_readdir(
>         bhv_desc_t      *dir_bdp,
>         uio_t           *uiop,
>         cred_t          *credp,
>         int             *eofp)
> {
>         xfs_inode_t     *dp;
>         xfs_trans_t     *tp = NULL;
>         int             error = 0;
>         uint            lock_mode;
>
>         vn_trace_entry(BHV_TO_VNODE(dir_bdp), __FUNCTION__,
>                        (inst_t *)__return_address);
>         dp = XFS_BHVTOI(dir_bdp);
>
>         if (XFS_FORCED_SHUTDOWN(dp->i_mount))
>                 return XFS_ERROR(EIO);
>
>         lock_mode = xfs_ilock_map_shared(dp);
>         error = xfs_dir_getdents(tp, dp, uiop, eofp);
>         xfs_iunlock_map_shared(dp, lock_mode);
>         return error;
> }
> ...
>
> <-- snip -->
>
> Note that tp is never assigned any value other than NULL (and the
> Coverity checker found a way how tp might be dereferenced four function
> calls later).

Then the bug is probably in the function call that uses tp without
first checking whether it's null. Can you tell us where that dereference
occurs?

Cheers,

Dave.
--
Dave Chinner
Principal Engineer
SGI Australian Software Group
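
The situation discussed in this thread, as an added C sketch that is not XFS code and not written by either poster: a handle that is always NULL on the read path is passed down through several helpers, and the helper that dereferences it checks first. All type and function names here are hypothetical.

```c
#include <errno.h>
#include <stddef.h>

/* Hypothetical stand-ins; these are not the XFS xfs_trans_t or buffer types. */
struct trans { int dirty_bufs; };
struct buf   { int data; int logged; };

/* Depth 4: the only place the handle is dereferenced. A NULL tp means
 * "no transaction" (read-only caller), so there is nothing to log. */
static int log_buf(struct trans *tp, struct buf *bp)
{
    if (tp == NULL)
        return 0;
    tp->dirty_bufs++;
    bp->logged = 1;
    return 0;
}

/* Depth 3: a modification without a transaction is a caller bug, so reject it. */
static int touch_buf(struct trans *tp, struct buf *bp, int modify)
{
    if (modify) {
        if (tp == NULL)
            return -EINVAL;
        bp->data++;
    }
    return log_buf(tp, bp);
}

/* Depth 2: passes the handle through without looking at it. */
static int walk_dir(struct trans *tp, struct buf *bp, int modify)
{
    return touch_buf(tp, bp, modify);
}

/* Depth 1, read path: same shape as the quoted function, tp stays NULL. */
int read_dir(struct buf *bp)
{
    struct trans *tp = NULL;
    return walk_dir(tp, bp, 0);
}

/* Depth 1, write path: the caller is expected to supply a transaction. */
int update_dir(struct trans *tp, struct buf *bp)
{
    return walk_dir(tp, bp, 1);
}
```

With the guards at the point of use, the intermediate layers can forward the pointer blindly, and a static checker following the NULL from `read_dir` finds no path on which it is dereferenced.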