ntfs: fix variable dereferenced before check warnings

Detected by Smatch.

lcnalloc.c:736 ntfs_cluster_alloc() error:
  we previously assumed 'rl' could be null (see line 719)

inode.c:3275 ntfs_inode_close() warn:
  variable dereferenced before check 'tmp_nis' (see line 3255)

attrib.c:4952 ntfs_attr_remove() warn:
  variable dereferenced before check 'ni' (see line 4951)

dir.c:1035 ntfs_readdir() error:
  we previously assumed 'private' could be null (see line 850)

Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>

diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
index 7c523eb87894019ef53498f2846878ff2f13c567..1477dbd3af8246b182f75cf0297cc49c556dc38e 100644 (file)
--- a/fs/ntfs/attrib.c
+++ b/fs/ntfs/attrib.c
@@ -4941,23 +4941,19 @@ int ntfs_attr_exist(struct ntfs_inode *ni, const __le32 type, __le16 *name,
 int ntfs_attr_remove(struct ntfs_inode *ni, const __le32 type, __le16 *name,
                u32 name_len)
 {
-       struct super_block *sb;
        int err;
        struct inode *attr_vi;
        struct ntfs_inode *attr_ni;
 
        ntfs_debug("Entering\n");
 
-       sb = ni->vol->sb;
-       if (!ni) {
-               ntfs_error(sb, "NULL inode pointer\n");
+       if (!ni)
                return -EINVAL;
-       }
 
        attr_vi = ntfs_attr_iget(VFS_I(ni), type, name, name_len);
        if (IS_ERR(attr_vi)) {
                err = PTR_ERR(attr_vi);
-               ntfs_error(sb, "Failed to open attribute 0x%02x of inode 0x%llx",
+               ntfs_error(ni->vol->sb, "Failed to open attribute 0x%02x of inode 0x%llx",
                                type, (unsigned long long)ni->mft_no);
                return err;
        }
@@ -4965,7 +4961,7 @@ int ntfs_attr_remove(struct ntfs_inode *ni, const __le32 type, __le16 *name,
 
        err = ntfs_attr_rm(attr_ni);
        if (err)
-               ntfs_error(sb, "Failed to remove attribute 0x%02x of inode 0x%llx",
+               ntfs_error(ni->vol->sb, "Failed to remove attribute 0x%02x of inode 0x%llx",
                                type, (unsigned long long)ni->mft_no);
        iput(attr_vi);
        return err;

diff --git a/fs/ntfs/dir.c b/fs/ntfs/dir.c
index a6fcbde540a7ed6e84071ec5f8a5113fd26ca611..bfa904d2ce66592f5e352dc35bd74ef0576c993b 100644 (file)
--- a/fs/ntfs/dir.c
+++ b/fs/ntfs/dir.c
@@ -1032,8 +1032,10 @@ out:
        }
 
        if (err) {
-               private->curr_pos = actor->pos;
-               private->end_in_iterate = true;
+               if (private) {
+                       private->curr_pos = actor->pos;
+                       private->end_in_iterate = true;
+               }
                err = 0;
        }
        ntfs_index_ctx_put(ictx);

diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
index 7547174a99ae02470a426befc55533251be1a6cc..0c202a03360f9cc9573700d2e31ce971c184bd62 100644 (file)
--- a/fs/ntfs/inode.c
+++ b/fs/ntfs/inode.c
@@ -3250,8 +3250,10 @@ int ntfs_inode_close(struct ntfs_inode *ni)
         * base inode before destroying it.
         */
        base_ni = ni->ext.base_ntfs_ino;
+       tmp_nis = base_ni->ext.extent_ntfs_inos;
+       if (!tmp_nis)
+               goto out;
        for (i = 0; i < base_ni->nr_extents; ++i) {
-               tmp_nis = base_ni->ext.extent_ntfs_inos;
                if (tmp_nis[i] != ni)
                        continue;
                /* Found it. Disconnect. */
@@ -3279,6 +3281,7 @@ int ntfs_inode_close(struct ntfs_inode *ni)
                break;
        }
 
+out:
        if (NInoDirty(ni))
                ntfs_error(ni->vol->sb, "Releasing dirty inode %llu!\n",
                                ni->mft_no);

diff --git a/fs/ntfs/lcnalloc.c b/fs/ntfs/lcnalloc.c
index 8707189be1c30f4e8e6d95f2173196669047362e..835a041023a2ac75f92ae08de35584aab196dfe5 100644 (file)
--- a/fs/ntfs/lcnalloc.c
+++ b/fs/ntfs/lcnalloc.c
@@ -732,11 +732,13 @@ out:
                folio_put(folio);
        }
        if (likely(!err)) {
+               if (!rl) {
+                       err = -EIO;
+                       goto out_restore;
+               }
                if (is_dealloc == true)
                        ntfs_release_dirty_clusters(vol, rl->length);
                ntfs_debug("Done.");
-               if (rl == NULL)
-                       err = -EIO;
                goto out_restore;
        }
        if (err != -ENOSPC)

diff --git a/fs/ntfs/runlist.c b/fs/ntfs/runlist.c
index 28d3cb16da0102cc2b186ec81e149cc48454ff40..b213b4976d2b6b91c38c00d5cff24324862baf48 100644 (file)
--- a/fs/ntfs/runlist.c
+++ b/fs/ntfs/runlist.c
@@ -1661,7 +1661,7 @@ struct runlist_element *ntfs_rl_insert_range(struct runlist_element *dst_rl, int
 {
        struct runlist_element *i_rl, *new_rl, *src_rl_origin = src_rl;
        struct runlist_element dst_rl_split;
-       s64 start_vcn = src_rl[0].vcn;
+       s64 start_vcn;
        int new_1st_cnt, new_2nd_cnt, new_3rd_cnt, new_cnt;
 
        if (!dst_rl || !src_rl || !new_rl_cnt)