Dave Chinner wrote:
> When xfs_rtfind_forw() returns an error, the block is returned
> uninitialised. xfs_rtfree_range() is not checking the error return,
> so could be using an uninitialised block number for modifying bitmap
> summary info.
>
> The problem was found by gcc when compiling the *userspace* libxfs
> code - it is a copy of the kernel code with the exact same bug.
> gcc gives an uninitialised variable warning on the userspace code
> but not on the kernel code. You gotta love the consistency (Mmmm,
> slightly chewy today!).
Looks good. I'll send this for 2.6.33-rc4.
> Signed-off-by: Dave Chinner <david@xxxxxxxxxxxxx>
Reviewed-by: Alex Elder <aelder@xxxxxxx>
> fs/xfs/xfs_rtalloc.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/fs/xfs/xfs_rtalloc.c b/fs/xfs/xfs_rtalloc.c
> index 9e15a11..6be05f7 100644
> --- a/fs/xfs/xfs_rtalloc.c
> +++ b/fs/xfs/xfs_rtalloc.c
> @@ -1517,6 +1517,8 @@ xfs_rtfree_range(
> */
> error = xfs_rtfind_forw(mp, tp, end, mp->m_sb.sb_rextents - 1,
> &postblock);
> + if (error)
> + return error;
> /*
> * If there are blocks not being freed at the front of the
> * old extent, add summary data for them to be allocated.
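Review bot: The added `if (error) return error;` after the xfs_rtfind_forw() call guards only postblock. The commit message says xfs_rtfree_range() was not checking the error return, so please confirm that every other call in this function that fills an out-parameter, outside the context shown here, is followed by the same check before the value is used. The new path also returns without any local cleanup, so the commit message should state whether the caller is responsible for handling the transaction `tp` when this error is returned.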