From: Namjae Jeon Date: Fri, 10 Apr 2026 14:49:01 +0000 (+0900) Subject: ntfs: fix uninitialized pointer in ntfs_write_mft_block X-Git-Tag: v7.1-rc1~14^2~7 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=545834ac412fb42d41a41442aee7998c1d2dcced;p=thirdparty%2Flinux.git ntfs: fix uninitialized pointer in ntfs_write_mft_block Smatch reported that the variable rl could be used uninitialized in ntfs_write_mft_block(). After analyzing the code, when vol->cluster_size == NTFS_BLOCK_SIZE (512), it is smaller than folio_size, so rl is guaranteed to be initialized. If vol->cluster_size is larger, the condition to access rl becomes false, so a runtime error is not expected to occur. However, to make the static checker happy, this patch initializes rl to NULL and adds an explicit check before its usage. Reported-by: Dan Carpenter Reviewed-by: Hyunchul Lee Signed-off-by: Namjae Jeon --- diff --git a/fs/ntfs/mft.c b/fs/ntfs/mft.c index bf028c1aea26..60d64de51d21 100644 --- a/fs/ntfs/mft.c +++ b/fs/ntfs/mft.c @@ -2714,7 +2714,7 @@ static int ntfs_write_mft_block(struct folio *folio, struct writeback_control *w s64 vcn = ntfs_pidx_to_cluster(vol, folio->index); s64 end_vcn = ntfs_bytes_to_cluster(vol, ni->allocated_size); unsigned int folio_sz; - struct runlist_element *rl; + struct runlist_element *rl = NULL; loff_t i_size = i_size_read(vi); ntfs_debug("Entering for inode 0x%llx, attribute type 0x%x, folio index 0x%lx.", @@ -2820,7 +2820,7 @@ flush_bio: if (vol->cluster_size == NTFS_BLOCK_SIZE && (mft_record_off || - rl->length - (vcn_off - rl->vcn) == 1 || + (rl && rl->length - (vcn_off - rl->vcn) == 1) || mft_ofs + NTFS_BLOCK_SIZE >= PAGE_SIZE)) folio_sz = NTFS_BLOCK_SIZE; else
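Review bot: in the first hunk, `struct runlist_element *rl = NULL;` carries no comment saying the initialiser is there only to satisfy Smatch, and that matters because it also hides any later genuine uninitialized use of rl from static checkers. After this change, a new dereference of rl added on a path where it was never assigned would show up as a NULL pointer dereference at run time instead of as a checker warning. A one-line comment at the declaration, stating that rl is only assigned and used when vol->cluster_size == NTFS_BLOCK_SIZE, would keep the reasoning from the commit message next to the code.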
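Review bot: in the second hunk, the new test `(rl && rl->length - (vcn_off - rl->vcn) == 1)` silently treats a NULL rl as "condition false", which conflicts with the commit message's claim that rl is guaranteed to be initialized whenever vol->cluster_size == NTFS_BLOCK_SIZE. If that invariant is ever broken, the code will fall through to the `mft_ofs + NTFS_BLOCK_SIZE >= PAGE_SIZE` test and possibly the else branch, picking a folio_sz without any indication that something went wrong. Since the outer condition already requires vol->cluster_size == NTFS_BLOCK_SIZE, consider making the invariant explicit, for example with a WARN_ON_ONCE(!rl) ahead of the condition, or at least a comment noting that the rl check exists for the static checker and is not expected to be false here.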