From: Darrick J. Wong Date: Wed, 21 Dec 2016 04:29:01 +0000 (-0600) Subject: xfs_repair: fix some potential null pointer deferences X-Git-Tag: v4.9.0-rc1~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ff14f59410148c57263c2ac8fe1deb75f9ba0a59;p=thirdparty%2Fxfsprogs-dev.git xfs_repair: fix some potential null pointer deferences Fix some potential NULL pointer deferences that Coverity pointed out, and remove a trivial dead integer check. Coverity-id: 1375789, 1375790, 1375791, 1375792 Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Signed-off-by: Eric Sandeen --- diff --git a/repair/phase5.c b/repair/phase5.c index 3604d1d9c..cbda55642 100644 --- a/repair/phase5.c +++ b/repair/phase5.c @@ -1925,7 +1925,7 @@ _("Insufficient memory to construct refcount cursor.")); refc_rec = pop_slab_cursor(refc_cur); lptr = &btree_curs->level[0]; - for (i = 0; i < lptr->num_blocks; i++) { + for (i = 0; i < lptr->num_blocks && refc_rec != NULL; i++) { /* * block initialization, lay in block header */ diff --git a/repair/rmap.c b/repair/rmap.c index 45e183ac4..7508973c5 100644 --- a/repair/rmap.c +++ b/repair/rmap.c @@ -790,7 +790,7 @@ compute_refcounts( mark_inode_rl(mp, stack_top); /* Set nbno to the bno of the next refcount change */ - if (n < slab_count(rmaps)) + if (n < slab_count(rmaps) && array_cur) nbno = array_cur->rm_startblock; else nbno = NULLAGBLOCK; diff --git a/repair/slab.h b/repair/slab.h index 4aa551212..a2201f14a 100644 --- a/repair/slab.h +++ b/repair/slab.h @@ -54,7 +54,7 @@ extern void *bag_item(struct xfs_bag *, size_t); #define foreach_bag_ptr_reverse(bag, idx, ptr) \ for ((idx) = bag_count(bag) - 1, (ptr) = bag_item((bag), (idx)); \ - (idx) >= 0 && (ptr) != NULL; \ + (ptr) != NULL; \ (idx)--, (ptr) = bag_item((bag), (idx))) #endif /* SLAB_H_ */