From: Dan Carpenter <error27@gmail.com>
Date: Tue, 24 Feb 2009 17:14:48 +0000 (-0500)
Subject: ext4: Fix NULL dereference in ext4_ext_migrate()'s error handling
X-Git-Tag: v2.6.28.8~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49d5e9a1f84aae864ac49b9579efcd99ce6993f4;p=thirdparty%2Fkernel%2Fstable.git

ext4: Fix NULL dereference in ext4_ext_migrate()'s error handling

(cherry picked from commit 090542641de833c6f756895fc2f139f046e298f9)

This was found through a code checker (http://repo.or.cz/w/smatch.git/).
It looks like you might be able to trigger the error by trying to migrate
a readonly file system.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c
index f2a9cf498ecda..9aa0fbee8aa8e 100644
--- a/fs/ext4/migrate.c
+++ b/fs/ext4/migrate.c
@@ -480,7 +480,7 @@ int ext4_ext_migrate(struct inode *inode)
 					+ 1);
 	if (IS_ERR(handle)) {
 		retval = PTR_ERR(handle);
-		goto err_out;
+		return retval;
 	}
 	tmp_inode = ext4_new_inode(handle,
 				inode->i_sb->s_root->d_inode,
@@ -488,8 +488,7 @@ int ext4_ext_migrate(struct inode *inode)
 	if (IS_ERR(tmp_inode)) {
 		retval = -ENOMEM;
 		ext4_journal_stop(handle);
-		tmp_inode = NULL;
-		goto err_out;
+		return retval;
 	}
 	i_size_write(tmp_inode, i_size_read(inode));
 	/*
@@ -617,8 +616,7 @@ err_out:
 
 	ext4_journal_stop(handle);
 
-	if (tmp_inode)
-		iput(tmp_inode);
+	iput(tmp_inode);
 
 	return retval;
 }