From 87307113f6f6dc3da91d0d01c5431c008ceaac77 Mon Sep 17 00:00:00 2001
From: Dave Chinner
Date: Wed, 29 Jun 2016 11:12:48 +1000
Subject: [PATCH] libxfs: fix use after from in xfs_trans_roll

When porting the transaction alocation interface to userspace (commit 9074815), I missed a change in xfs_trans_roll() that could lead to a use after free. Coverity spotted it, so fix it.
Coverity-id: 1362812
Signed-off-by: Dave Chinner
---
 libxfs/trans.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libxfs/trans.c b/libxfs/trans.c
index 521a049be..a4d97829e 100644
--- a/libxfs/trans.c
+++ b/libxfs/trans.c
@@ -103,6 +103,7 @@ libxfs_trans_roll(
 struct xfs_trans **tpp,
 struct xfs_inode *dp)
 {
+ struct xfs_mount *mp;
 struct xfs_trans *trans;
 struct xfs_trans_res tres;
 int error;
@@ -117,6 +118,7 @@ libxfs_trans_roll(
 /*
 * Copy the critical parameters from one trans to the next.
 */
+ mp = trans->t_mountp;
 tres.tr_logres = trans->t_log_res;
 tres.tr_logcount = trans->t_log_count;
@@ -141,7 +143,7 @@ libxfs_trans_roll(
 * the prior and the next transactions.
 */
 tres.tr_logflags = XFS_TRANS_PERM_LOG_RES;
- error = libxfs_trans_alloc(trans->t_mountp, &tres, 0, 0, 0, tpp);
+ error = libxfs_trans_alloc(mp, &tres, 0, 0, 0, tpp);
 trans = *tpp;
 /*
 * Ensure that the inode is in the new transaction and locked.
-- 
2.39.2
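Review bot: The added `mp = trans->t_mountp;` in the second hunk gives no hint that its position is what avoids the use after free, so a later cleanup could fold the read back into the `libxfs_trans_alloc()` call. The commit message implies that `trans` is no longer valid by the time the allocation runs, presumably because of the commit call that sits between this hunk and the next, outside the visible lines. I would extend the existing comment to say so, for example `/* Read t_mountp here: trans must not be dereferenced after it has been committed. */`. The `tres` fields copied just below depend on the same ordering.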
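Review bot: In the third hunk `trans = *tpp;` still runs right after `libxfs_trans_alloc(mp, &tres, 0, 0, 0, tpp)` with no visible check of `error` in between. If the allocator can fail without storing to `*tpp`, both `trans` and the caller's `*tpp` would keep the address of the old transaction, which the commit message suggests has already been freed; that is the same class of defect this patch fixes. The error check and the rest of libxfs_trans_roll lie outside the hunk, so this needs confirming there. If it holds, a `*tpp = NULL;` before the allocation call would keep a stale pointer from being reused, provided no caller relies on reading `*tpp` after a failure.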