| Message ID | 20220902161327.45283-1-wangyugui@e16-tech.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v2] btrfs-progs: receive: fix a segfault that free() an err value | expand |
On Sat, Sep 03, 2022 at 12:13:27AM +0800, Wang Yugui wrote: > I noticed a segfault of 'btrfs receive'. > $ gdb > #0 process_clone (path=0x23829d0 "after.s1.txt", offset=0, len=2097152, clone_uuid=<optimized out>, > clone_ctransid=<optimized out>, clone_path=0x2382920 "after.s1.txt", clone_offset=0, user=0x7ffe21985ba0) > at cmds/receive.c:793 > 793 free(si->path); > (gdb) p si > $1 = (struct subvol_info *) 0xfffffffffffffffe > > 'si' was an ERR value. so add the check of '!IS_ERR_OR_NULL()' before 'free()' > just similar to process_snapshot(). > > Signed-off-by: Wang Yugui <wangyugui@e16-tech.com> Added to devel, thanks.
diff --git a/cmds/receive.c b/cmds/receive.c index aec32458..bf476387 100644 --- a/cmds/receive.c +++ b/cmds/receive.c @@ -811,7 +811,7 @@ static int process_clone(const char *path, u64 offset, u64 len, } out: - if (si) { + if (!IS_ERR_OR_NULL(si)) { free(si->path); free(si); }
I noticed a segfault of 'btrfs receive'. $ gdb #0 process_clone (path=0x23829d0 "after.s1.txt", offset=0, len=2097152, clone_uuid=<optimized out>, clone_ctransid=<optimized out>, clone_path=0x2382920 "after.s1.txt", clone_offset=0, user=0x7ffe21985ba0) at cmds/receive.c:793 793 free(si->path); (gdb) p si $1 = (struct subvol_info *) 0xfffffffffffffffe 'si' was an ERR value. so add the check of '!IS_ERR_OR_NULL()' before 'free()' just similar to process_snapshot(). Signed-off-by: Wang Yugui <wangyugui@e16-tech.com> --- changes since v1: let the check similar to process_snapshot(). cmds/receive.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)