e2fsck: fix access after free for dx_db structure

author Artem Blagodarenko <artem.blagodarenko@gmail.com>

Sat, 4 Nov 2017 17:22:18 +0000 (20:22 +0300)

committer Theodore Ts'o <tytso@mit.edu>

Tue, 5 Dec 2017 03:09:53 +0000 (22:09 -0500)
author Artem Blagodarenko <artem.blagodarenko@gmail.com>
Sat, 4 Nov 2017 17:22:18 +0000 (20:22 +0300)
committer Theodore Ts'o <tytso@mit.edu>
Tue, 5 Dec 2017 03:09:53 +0000 (22:09 -0500)
diff --git a/e2fsck/pass2.c b/e2fsck/pass2.c

index 7190c9772220ebd3e90ad251ffcf7fe5367a40cc..d931a87e8c0d6844c34fb45226f0d3a075609d3a 100644 (file)
--- a/e2fsck/pass2.c
+++ b/e2fsck/pass2.c
@@ -1062,7 +1062,7 @@ inline_read_fail:
                             fix_problem(ctx, PR_2_HTREE_BAD_ROOT, &cd->pctx)) {
                                 clear_htree(ctx, ino);
                                 dx_dir->numblocks = 0;
-                               dx_db = 0;
+                               dx_db = NULL;
                         }
                         dx_dir->hashversion = root->hash_version;
                         if ((dx_dir->hashversion <= EXT2_HASH_TEA) &&
@@ -1074,9 +1074,10 @@ inline_read_fail:
                            (ext2fs_dirent_name_len(dirent) == 0) &&
                            (ext2fs_le16_to_cpu(limit->limit) ==
                             ((fs->blocksize - (8 + dx_csum_size)) /
-                            sizeof(struct ext2_dx_entry))))
+                            sizeof(struct ext2_dx_entry)))) {
                         dx_db->type = DX_DIRBLOCK_NODE;
-               is_leaf = (dx_db->type == DX_DIRBLOCK_LEAF);
+               }
+               is_leaf = dx_db ? (dx_db->type == DX_DIRBLOCK_LEAF) : 0;
         }
  out_htree:
author	Artem Blagodarenko <artem.blagodarenko@gmail.com>
	Sat, 4 Nov 2017 17:22:18 +0000 (20:22 +0300)
committer	Theodore Ts'o <tytso@mit.edu>
	Tue, 5 Dec 2017 03:09:53 +0000 (22:09 -0500)