git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Jia-Ju Bai <baijiaju@buaa.edu.cn>
	Tue, 21 Mar 2023 13:22:11 +0000 (21:22 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 26 Aug 2023 12:23:25 +0000 (14:23 +0200)
commit	3a00ec562f8cb4c926583f1a18386c830ce3381f
tree	9de4bbf6811750a94c50b1a314105e4f04e560e5	tree
parent	e7799bb4dbe26bfb665f29ea87981708fd6012d8	commit \| diff

fs: ntfs3: Fix possible null-pointer dereferences in mi_read()

[ Upstream commit 97498cd610c0d030a7bd49a7efad974790661162 ]

In a previous commit 2681631c2973 ("fs/ntfs3: Add null pointer check to
attr_load_runs_vcn"), ni can be NULL in attr_load_runs_vcn(), and thus it
should be checked before being used.

However, in the call stack of this commit, mft_ni in mi_read() is
aliased with ni in attr_load_runs_vcn(), and it is also used in
mi_read() at two places:

mi_read()
  rw_lock = &mft_ni->file.run_lock -> No check
  attr_load_runs_vcn(mft_ni, ...)
    ni (namely mft_ni) is checked in the previous commit
  attr_load_runs_vcn(..., &mft_ni->file.run) -> No check

Thus, to avoid possible null-pointer dereferences, the related checks
should be added.

These bugs are reported by a static analysis tool implemented by myself,
and they are found by extending a known bug fixed in the previous commit.
Thus, they could be theoretical bugs.

Signed-off-by: Jia-Ju Bai <baijiaju@buaa.edu.cn>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>