[thirdparty/kernel/stable-queue.git] / releases / 3.4.2 / ext4-fix-potential-null-dereference-in-ext4_free_inodes_counts.patch

From bb3d132a24cd8bf5e7773b2d9f9baa58b07a7dae Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Mon, 28 May 2012 14:16:57 -0400
Subject: ext4: fix potential NULL dereference in ext4_free_inodes_counts()

From: Dan Carpenter <dan.carpenter@oracle.com>

commit bb3d132a24cd8bf5e7773b2d9f9baa58b07a7dae upstream.

The ext4_get_group_desc() function returns NULL on error, and
ext4_free_inodes_count() function dereferences it without checking.
There is a check on the next line, but it's too late.

Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/ialloc.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -488,10 +488,12 @@ fallback_retry:
 	for (i = 0; i < ngroups; i++) {
 		grp = (parent_group + i) % ngroups;
 		desc = ext4_get_group_desc(sb, grp, NULL);
-		grp_free = ext4_free_inodes_count(sb, desc);
-		if (desc && grp_free && grp_free >= avefreei) {
-			*group = grp;
-			return 0;
+		if (desc) {
+			grp_free = ext4_free_inodes_count(sb, desc);
+			if (grp_free && grp_free >= avefreei) {
+				*group = grp;
+				return 0;
+			}
 		}
 	}
Commit	Line	Data
fc126d9e GKH	1	From bb3d132a24cd8bf5e7773b2d9f9baa58b07a7dae Mon Sep 17 00:00:00 2001
	2	From: Dan Carpenter <dan.carpenter@oracle.com>
	3	Date: Mon, 28 May 2012 14:16:57 -0400
	4	Subject: ext4: fix potential NULL dereference in ext4_free_inodes_counts()
	5
	6	From: Dan Carpenter <dan.carpenter@oracle.com>
	7
	8	commit bb3d132a24cd8bf5e7773b2d9f9baa58b07a7dae upstream.
	9
	10	The ext4_get_group_desc() function returns NULL on error, and
	11	ext4_free_inodes_count() function dereferences it without checking.
	12	There is a check on the next line, but it's too late.
	13
	14	Reviewed-by: Jan Kara <jack@suse.cz>
	15	Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
	16	Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
	17	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	18
	19	---
	20	fs/ext4/ialloc.c \| 10 ++++++----
	21	1 file changed, 6 insertions(+), 4 deletions(-)
	22
	23	--- a/fs/ext4/ialloc.c
	24	+++ b/fs/ext4/ialloc.c
	25	@@ -488,10 +488,12 @@ fallback_retry:
	26	for (i = 0; i < ngroups; i++) {
	27	grp = (parent_group + i) % ngroups;
	28	desc = ext4_get_group_desc(sb, grp, NULL);
	29	- grp_free = ext4_free_inodes_count(sb, desc);
	30	- if (desc && grp_free && grp_free >= avefreei) {
	31	- *group = grp;
	32	- return 0;
	33	+ if (desc) {
	34	+ grp_free = ext4_free_inodes_count(sb, desc);
	35	+ if (grp_free && grp_free >= avefreei) {
	36	+ *group = grp;
	37	+ return 0;
	38	+ }
	39	}
	40	}
	41