summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorQu Wenruo <wqu@suse.com>2018-03-30 13:48:53 +0800
committerDavid Sterba <dsterba@suse.com>2018-04-24 13:00:11 +0200
commit98d5d325a887b6c061096c141eef10755762bbcf (patch)
treea1be1f4d960ba243c15a64f8595cfd70918a9db6
parenta5ef445f05fb077736d47624e31b9f6c7bbb0f1b (diff)
downloadbtrfs-progs-98d5d325a887b6c061096c141eef10755762bbcf.tar.gz
btrfs-progs-98d5d325a887b6c061096c141eef10755762bbcf.tar.bz2
btrfs-progs-98d5d325a887b6c061096c141eef10755762bbcf.zip
btrfs-progs: extent_io: Fix NULL pointer dereference in free_extent_buffer_final()
In free_extent_buffer_final() we access eb->tree->cache_size in BUG_ON(). However eb->tree can be NULL if it's a cloned extent buffer. Currently the cloned extent buffer is only used in backref.c, paths_from_inode() function. Thankfully that function is not used yet (but could be pretty useful to convert inode number to path, so I'd like to keep such function). Anyway, check eb->tree before accessing its member. Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: Lu Fengqi <lufq.fnst@cn.fujitsu.com> Signed-off-by: David Sterba <dsterba@suse.com>
-rw-r--r--extent_io.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/extent_io.c b/extent_io.c
index eda1fb6f..986ad5c0 100644
--- a/extent_io.c
+++ b/extent_io.c
@@ -587,7 +587,7 @@ static void free_extent_buffer_final(struct extent_buffer *eb)
struct extent_io_tree *tree = eb->tree;
BUG_ON(eb->refs);
- BUG_ON(tree->cache_size < eb->len);
+ BUG_ON(tree && tree->cache_size < eb->len);
list_del_init(&eb->lru);
if (!(eb->flags & EXTENT_BUFFER_DUMMY)) {
remove_cache_extent(&tree->cache, &eb->cache_node);