From patchwork Tue Apr 15 16:48:49 2014
X-Patchwork-Submitter: Jeff Layton
X-Patchwork-Id: 3994191
From: Jeff Layton
To: smfrench@gmail.com
Cc: linux-cifs@vger.kernel.org
Subject: [PATCH] cifs: fix error handling cifs_user_readv
Date: Tue, 15 Apr 2014 12:48:49 -0400
Message-Id: <1397580529-3305-1-git-send-email-jlayton@redhat.com>

Coverity says:

*** CID 1202537:  Dereference after null check  (FORWARD_NULL)
/fs/cifs/file.c: 2873 in cifs_user_readv()
2867                    cur_len = min_t(const size_t, len - total_read, cifs_sb->rsize);
2868                    npages = DIV_ROUND_UP(cur_len, PAGE_SIZE);
2869
2870                    /* allocate a readdata struct */
2871                    rdata = cifs_readdata_alloc(npages,
2872                                                cifs_uncached_readv_complete);
>>>     CID 1202537:  Dereference after null check  (FORWARD_NULL)
>>>     Comparing "rdata" to null implies that "rdata" might be null.
2873                    if (!rdata) {
2874                            rc = -ENOMEM;
2875                            goto error;
2876                    }
2877
2878                    rc = cifs_read_allocate_pages(rdata, npages);

...when we "goto error", rc will be non-zero, and then we end up trying
to do a kref_put on the rdata (which is NULL). Fix this by replacing
the "goto error" with a "break".

Reported-by:
Signed-off-by: Jeff Layton
---
 fs/cifs/file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 8616256cb93f..325b74798ef3 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -2872,7 +2872,7 @@ ssize_t cifs_user_readv(struct kiocb *iocb, const struct iovec *iov, cifs_uncached_readv_complete); if (!rdata) { rc = -ENOMEM; - goto error; + break; } rc = cifs_read_allocate_pages(rdata, npages);
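
Review bot: In the `if (!rdata)` branch, the new `break` leaves the loop with rc = -ENOMEM, but neither the hunk nor the commit message shows what the code after the loop does with that rc, so the fix cannot be checked from the patch alone. Please add a sentence to the changelog stating that the post-loop path does not touch rdata and still reports the error to the caller, and consider a short comment above the `break` saying that rdata is NULL here and the `error` label must not be used, so a later cleanup does not turn it back into `goto error`. The `Reported-by:` tag is also empty as it appears here; fill it in or drop it before this is applied.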