reiserfs: possible null pointer dereference during resize
author Dmitriy Monakhov <dmonakhov@sw.ru>
Tue, 8 May 2007 07:24:37 +0000 (00:24 -0700)
committer Linus Torvalds <torvalds@woody.linux-foundation.org>
Tue, 8 May 2007 18:14:59 +0000 (11:14 -0700)
sb_bread may return NULL, let's explicitly check it.  If so, free the new
bitmap blocks array; after this we may safely exit, as is done above during
bitmap allocation.

Signed-off-by: Dmitriy Monakhov <dmonakhov@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/reiserfs/resize.c

index 315684793d1d8d0ff6b61ec08c4e9a5e4dc75d22..976cc7887a0dfe60c4f5933e7d7757acfb6cf8bf 100644 (file)
@@ -131,6 +131,10 @@ int reiserfs_resize(struct super_block *s, unsigned long block_count_new)
                        /* don't use read_bitmap_block since it will cache
                         * the uninitialized bitmap */
                        bh = sb_bread(s, i * s->s_blocksize * 8);
+                       if (!bh) {
+                               vfree(bitmap);
+                               return -EIO;
+                       }
                        memset(bh->b_data, 0, sb_blocksize(sb));
                        reiserfs_test_and_set_le_bit(0, bh->b_data);
                        reiserfs_cache_bitmap_metadata(s, bh, bitmap + i);
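
Review bot: the new `if (!bh)` branch frees only `bitmap` before returning -EIO, yet it runs once per index `i`, after earlier passes have already zeroed a block with memset, set bit 0 in it, and handed it to reiserfs_cache_bitmap_metadata(s, bh, bitmap + i). Please confirm in the commit message or a comment that a failure on a later index leaves nothing else to unwind: no buffer reference still held from a previous pass, and no partially initialised bitmap blocks that a retried resize would misread. Separately, the branch returns silently; a warning that names the block passed to sb_bread (`i * s->s_blocksize * 8`) would let an administrator tell a failed read during resize apart from the other error returns of reiserfs_resize.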