authorDmitriy Monakhov <dmonakhov@sw.ru>2007-05-08 00:24:37 -0700
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-05-08 11:14:59 -0700
commit2d3466a348a61c4d7f958ce80020eba17c09d7f7 (patch)
treeeda69787ec28632b162638055b60dc8371f6432b
parent82f703bb8cb2732b4437a9f555a1be564e9e71c2 (diff)
reiserfs: possible null pointer dereference during resize
sb_bread may return NULL, so let's check it explicitly. If it does, free the new bitmap blocks array; after this we may safely exit, as is done above during bitmap allocation. Signed-off-by: Dmitriy Monakhov <dmonakhov@openvz.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--fs/reiserfs/resize.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/reiserfs/resize.c b/fs/reiserfs/resize.c
index 315684793d1..976cc7887a0 100644
--- a/fs/reiserfs/resize.c
+++ b/fs/reiserfs/resize.c
@@ -131,6 +131,10 @@ int reiserfs_resize(struct super_block *s, unsigned long block_count_new)
/* don't use read_bitmap_block since it will cache
* the uninitialized bitmap */
bh = sb_bread(s, i * s->s_blocksize * 8);
+ if (!bh) {
+ vfree(bitmap);
+ return -EIO;
+ }
memset(bh->b_data, 0, sb_blocksize(sb));
reiserfs_test_and_set_le_bit(0, bh->b_data);
reiserfs_cache_bitmap_metadata(s, bh, bitmap + i);
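Review bot: The new `if (!bh)` branch returns `-EIO` from the middle of the loop with no comment explaining why freeing only `bitmap` is sufficient, and with no log line, so a resize that fails on a read error is silent to the operator. The commit message argues that exiting here is as safe as the allocation-failure exit earlier in the function. That reasoning belongs next to the code, for example `/* new bitmap array is not installed yet: free it and fail, as on allocation failure above */`. A one-line warning naming the bitmap block index `i` that could not be read would also make the failure diagnosable. The loop and the rest of `reiserfs_resize` start and end outside this hunk, so it cannot be confirmed from here whether bitmap blocks initialised by earlier iterations need any undo.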