btrfs: fix uninit pointer free on read_alloc_one_name error

Message ID 20241010194717.1536428-1-jroi.martin@gmail.com (mailing list archive)
State New, archived

Commit Message

Roi Martin Oct. 10, 2024, 7:47 p.m. UTC
The read_alloc_one_name function does not initialize the name field of
the passed fscrypt_str struct if kmalloc fails to allocate the
corresponding buffer.  Thus, it is not guaranteed that
fscrypt_str.name is initialized when freeing it.

This is a follow-up to the linked patch that fixes the remaining
instances of the bug introduced by commit e43eec81c516 ("btrfs: use
struct qstr instead of name and namelen pairs").

Link: https://lore.kernel.org/linux-btrfs/20241009080833.1355894-1-jroi.martin@gmail.com/
Fixes: e43eec81c516 ("btrfs: use struct qstr instead of name and namelen pairs")
Signed-off-by: Roi Martin <jroi.martin@gmail.com>
---
 fs/btrfs/tree-log.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


base-commit: eb952c47d154ba2aac794b99c66c3c45eb4cc4ec

Comments

Anand Jain Oct. 10, 2024, 11:57 p.m. UTC | #1
LGTM

Reviewed-by: Anand Jain <anand.jain@oracle.com>

Thx.

David Sterba Oct. 11, 2024, 4:09 p.m. UTC | #2
On Thu, Oct 10, 2024 at 09:47:17PM +0200, Roi Martin wrote:
> The read_alloc_one_name function does not initialize the name field of
> the passed fscrypt_str struct if kmalloc fails to allocate the
> corresponding buffer.  Thus, it is not guaranteed that
> fscrypt_str.name is initialized when freeing it.
> 
> This is a follow-up to the linked patch that fixes the remaining
> instances of the bug introduced by commit e43eec81c516 ("btrfs: use
> struct qstr instead of name and namelen pairs").
> 
> Link: https://lore.kernel.org/linux-btrfs/20241009080833.1355894-1-jroi.martin@gmail.com/
> Fixes: e43eec81c516 ("btrfs: use struct qstr instead of name and namelen pairs")
> Signed-off-by: Roi Martin <jroi.martin@gmail.com>

Added to for-next, thanks.

Patch

diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
index e2ed2a791f8f..d2e5781701f9 100644
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -1845,7 +1845,7 @@  static noinline int replay_one_name(struct btrfs_trans_handle *trans,
 				    struct btrfs_dir_item *di,
 				    struct btrfs_key *key)
 {
-	struct fscrypt_str name;
+	struct fscrypt_str name = { 0 };
 	struct btrfs_dir_item *dir_dst_di;
 	struct btrfs_dir_item *index_dst_di;
 	bool dir_dst_matches = false;
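Review bot: the `= { 0 }` initializer on `name` in replay_one_name fixes this caller, but the root cause named in the commit message stays in place: read_alloc_one_name leaves the name field unset when kmalloc fails, so any caller added later without the initializer reintroduces the same free of an uninitialized pointer. Consider also setting `name->name = NULL` inside read_alloc_one_name before the allocation (or on its failure path), so the free in the callers' cleanup is safe regardless of how the struct was declared. kfree(NULL) is a no-op, so the callers would need no further change.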
@@ -2125,7 +2125,7 @@  static noinline int check_item_in_log(struct btrfs_trans_handle *trans,
 	struct extent_buffer *eb;
 	int slot;
 	struct btrfs_dir_item *di;
-	struct fscrypt_str name;
+	struct fscrypt_str name = { 0 };
 	struct inode *inode = NULL;
 	struct btrfs_key location;
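Review bot: in check_item_in_log the zero initializer on `name` runs once at declaration, so it only covers the first read_alloc_one_name call in the function. The rest of the function is not visible in this hunk; if `name` is filled and freed more than once there (for example in a loop or retry), `name.name` should be reset to NULL after each kfree, otherwise a later allocation failure would free a stale pointer. If it is used only once, naming the two audited functions (replay_one_name and check_item_in_log) in the commit message would help anyone backporting the fix confirm that no instance was missed.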