linux/fs/ext4
Carlos Maiolino 90b0a97323 ext4: fix possible non-initialized variable in htree_dirblock_to_tree()
htree_dirblock_to_tree() declares a non-initialized 'err' variable,
which is passed as a reference to other functions, expecting them to
set this variable with their error codes.

It's passed to ext4_bread(), which then passes it to ext4_getblk(). If
ext4_map_blocks() returns 0 due to a lookup failure, leaving the
ext4_getblk() buffer_head uninitialized, it will make ext4_getblk()
return to ext4_bread() without initializing the 'err' variable, and
ext4_bread() will return to htree_dirblock_to_tree() with this variable
still uninitialized.  htree_dirblock_to_tree() will pass this variable
with garbage back to ext4_htree_fill_tree(), which expects a number of
directory entries added to the rb-tree, which, in this case, might
return a fake non-zero value due to the garbage left in the 'err'
variable, leading the kernel to an Oops in ext4_dx_readdir(), since it
is expecting a filled rb-tree node, when in turn it will have a NULL-ed
one, causing an invalid page request when trying to get a fname struct
from this NULL-ed rb-tree node in this line:

    fname = rb_entry(info->curr_node, struct fname, rb_hash);

The patch itself initializes the err variable in
htree_dirblock_to_tree() to avoid usage mistakes by the called
functions, and also fixes ext4_getblk() to return an initialized 'err'
variable when ext4_map_blocks() fails a lookup.

Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2012-09-17 23:39:12 -04:00
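
The propagation described in the commit message above, as a user-space C model added here (not the kernel code and not the patch itself). The names getblk_buggy, getblk_fixed, dirblock_to_tree, caller_uses_null_node, STALE and the seed parameter are hypothetical; the stale stack value is simulated with a constant because reading a truly uninitialized variable is undefined behaviour, and the value 0 stored by the fixed variant is an assumption.

```c
#include <stddef.h>
#define STALE 0x5a5a /* constructed stand-in for leftover stack contents */

struct buffer_head { int unused; };
static struct buffer_head blk;
typedef struct buffer_head *(*getblk_fn)(int map_ret, int *errp);

/* Buggy shape: map_ret == 0 (lookup found nothing) returns NULL without
 * ever writing *errp. */
static struct buffer_head *getblk_buggy(int map_ret, int *errp)
{
    if (map_ret < 0)
        *errp = map_ret;
    if (map_ret <= 0)
        return NULL;
    *errp = 0;
    return &blk;
}

/* Fixed shape: *errp is written on every path (storing 0 for the failed
 * lookup is an assumption of this example). */
static struct buffer_head *getblk_fixed(int map_ret, int *errp)
{
    *errp = map_ret < 0 ? map_ret : 0;
    return map_ret > 0 ? &blk : NULL;
}

/* Stand-in for htree_dirblock_to_tree(): 'seed' plays the initial contents
 * of the local err (STALE = never initialized, 0 = initialized). */
static int dirblock_to_tree(getblk_fn getblk, int map_ret, int seed)
{
    int err = seed;
    if (!getblk(map_ret, &err))
        return err;   /* passed up where a count/status is expected */
    return 1;         /* pretend one entry was added to the rb-tree */
}

/* Caller's view: a positive return means "entries were added", so it would
 * use the rb-tree node. Returns 1 when that node would actually be NULL. */
static int caller_uses_null_node(getblk_fn getblk, int map_ret, int seed)
{
    int ret = dirblock_to_tree(getblk, map_ret, seed);
    return ret > 0 && map_ret <= 0;  /* no block read, nothing inserted */
}

int main(void)
{
    return caller_uses_null_node(getblk_buggy, 0, STALE) ? 0 : 1;
}
```

Either half of the fix closes the hole in this model: seeding err with 0 in the caller, or having the callee write *errp on every return path.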
..
acl.c switch posix_acl_equiv_mode() to umode_t * 2011-08-01 02:10:06 -04:00
acl.h fs: take the ACL checks to common code 2011-07-25 14:30:23 -04:00
balloc.c ext4: don't call ext4_error while block group is locked 2012-08-17 09:06:06 -04:00
bitmap.c ext4: don't call ext4_error while block group is locked 2012-08-17 09:06:06 -04:00
block_validity.c ext2/3/4: delete unneeded includes of module.h 2012-01-09 13:52:10 +01:00
dir.c ext4: use core vfs llseek code for dir seeks 2012-07-23 00:00:28 +04:00
ext4_extents.h ext4: verify and calculate checksums for extent tree blocks 2012-04-29 18:37:10 -04:00
ext4_jbd2.c ext4: remove unnecessary argument from __ext4_handle_dirty_metadata() 2012-07-22 20:37:31 -04:00
ext4_jbd2.h ext4: remove unnecessary argument from __ext4_handle_dirty_metadata() 2012-07-22 20:37:31 -04:00
ext4.h ext4: grow the s_group_info array as needed 2012-09-05 01:31:50 -04:00
extents.c ext4: fix trivial typo in comment 2012-08-18 22:38:07 -04:00
file.c The usual collection of bug fixes and optimizations. Perhaps of 2012-07-27 20:52:25 -07:00
fsync.c ext4: check return value of blkdev_issue_flush() 2012-08-17 09:58:17 -04:00
hash.c ext4: return 32/64-bit dir name hash according to usage type 2012-03-18 22:44:40 -04:00
ialloc.c ext4: remove useless marking of superblock dirty 2012-07-22 20:29:31 -04:00
indirect.c ext2/3/4: delete unneeded includes of module.h 2012-01-09 13:52:10 +01:00
inode.c ext4: fix possible non-initialized variable in htree_dirblock_to_tree() 2012-09-17 23:39:12 -04:00
ioctl.c ext4: add online resizing support for meta_bg and 64-bit file systems 2012-09-05 01:33:50 -04:00
Kconfig ext4: load the crc32c driver if necessary 2012-04-29 18:27:10 -04:00
Makefile ext4: move ext4_ind_* functions from inode.c to indirect.c 2011-06-27 19:40:50 -04:00
mballoc.c ext4: grow the s_group_info array as needed 2012-09-05 01:31:50 -04:00
mballoc.h ext4: remove unused macro MB_DEFAULT_MAX_GROUPS_TO_SCAN 2012-08-17 10:00:17 -04:00
migrate.c userns: Convert ext4 to user kuid/kgid where appropriate 2012-05-15 14:59:27 -07:00
mmp.c ext4: Convert to new freezing mechanism 2012-07-31 09:45:48 +04:00
move_extent.c ext4: add some tracepoints in ext4/extents.c 2011-09-09 19:18:51 -04:00
namei.c ext4: fix possible non-initialized variable in htree_dirblock_to_tree() 2012-09-17 23:39:12 -04:00
page-io.c Revert "ext4: don't release page refs in ext4_end_bio()" 2012-03-29 17:00:56 -07:00
resize.c ext4: log a resize update to the console every 10 seconds 2012-09-13 10:24:21 -04:00
super.c ext4: do not enable delalloc by default for ext2 2012-09-17 22:54:36 -04:00
symlink.c
truncate.h ext4: move common truncate functions to header file 2011-06-27 19:16:04 -04:00
xattr_security.c Merge branch 'for_linus' into for_linus_merged 2012-01-10 11:54:07 -05:00
xattr_trusted.c ext2/3/4: delete unneeded includes of module.h 2012-01-09 13:52:10 +01:00
xattr_user.c ext2/3/4: delete unneeded includes of module.h 2012-01-09 13:52:10 +01:00
xattr.c ext4: use s_csum_seed instead of i_csum_seed for xattr block 2012-07-09 16:29:27 -04:00
xattr.h ext4: change on-disk layout to support extended metadata checksumming 2012-04-29 18:23:10 -04:00