<div>xfsprogs: repair pagefaults due to unhandled NULL check in da_read_buf()<br> <br>xfs_repair does not correctly handle bplist[i] for error situations in<br>function da_read_buf(). If libxfs_readbuf() fails then bplist[i] = NULL,<br>
but error handling code calls libxfs_putbuf(bplist[i]) for all indexes of i<br>without first checking whether it's NULL. This results in a pagefault in<br>libpthread library during pthread_mutex_unlock().<br>This problem is identified when we remove the storage while xfs_repair<br>
is running on it.<br> <br>Signed-off-by: Ajeet Yadav &lt;<a href="mailto:ajeet.yadav.77@gmail.com">ajeet.yadav.77@gmail.com</a>&gt;<br> <br>diff -Nurp xfsprogs/repair/dir2.c xfsprogs-dirty/repair/dir2.c<br>--- xfsprogs/repair/dir2.c      2010-07-16 13:07:09.000000000 +0900<br>
+++ xfsprogs-dirty/repair/dir2.c        2011-01-28 18:49:21.000000000 +0900<br>@@ -110,9 +110,10 @@ da_read_buf(<br>                bplist[i] = libxfs_readbuf(mp-&gt;m_dev,<br>                                XFS_FSB_TO_DADDR(mp, bmp[i].startblock),<br>
                                XFS_FSB_TO_BB(mp, bmp[i].blockcount), 0);<br>-               if (!bplist[i])<br>+               if (!bplist[i]){<br>+                       nex = i;<br>                        goto failed;<br>
-<br>+               }<br>                pftrace(&quot;readbuf %p (%llu, %d)&quot;, bplist[i],<br>                        (long long)XFS_BUF_ADDR(bplist[i]),<br>                        XFS_BUF_COUNT(bplist[i]));</div>
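Review bot: In the new `if (!bplist[i]){` branch, `nex = i;` overwrites the loop bound only so that the cleanup stops before the failed slot. That works only if the code at `failed` (not visible in this hunk) iterates up to `nex`, and it discards the original value of `nex` for anything that runs after the label. Consider leaving `nex` untouched and having the cleanup skip NULL entries before calling libxfs_putbuf(), which addresses the missing NULL check the commit message describes directly, or at least add a comment saying why `nex` is truncated here. Style: put a space before the brace, `if (!bplist[i]) {`.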