Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f5cc15dac55d4943176f84681f37aa48094ffa8b
Commit:     f5cc15dac55d4943176f84681f37aa48094ffa8b
Parent:     bcec44770cc65660369ae17b4e44be027a64a46c
Author:     Jan Kara <[EMAIL PROTECTED]>
AuthorDate: Thu Aug 30 23:56:22 2007 -0700
Committer:  Linus Torvalds <[EMAIL PROTECTED]>
CommitDate: Fri Aug 31 01:42:22 2007 -0700

    Fix possible NULL pointer dereference in udf_table_free_blocks()
    
    Fix possible NULL pointer dereference when freeing blocks in case table of
    free space is used.  Also fix handling of the case when we need to move
    extent from one block to another one to make space for indirect extent.
    BTW: Nobody seem to have ever used this code.
    
    Signed-off-by: Jan Kara <[EMAIL PROTECTED]>
    Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
    Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
---
 fs/udf/balloc.c |   10 ++++------
 1 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/fs/udf/balloc.c b/fs/udf/balloc.c
index 276f720..87e87dc 100644
--- a/fs/udf/balloc.c
+++ b/fs/udf/balloc.c
@@ -540,26 +540,24 @@ static void udf_table_free_blocks(struct super_block *sb,
                        if (epos.offset + adsize > sb->s_blocksize) {
                                loffset = epos.offset;
                                aed->lengthAllocDescs = cpu_to_le32(adsize);
-                               sptr = UDF_I_DATA(inode) + epos.offset -
-                                       udf_file_entry_alloc_offset(inode) +
-                                       UDF_I_LENEATTR(inode) - adsize;
+                               sptr = UDF_I_DATA(table) + epos.offset - adsize;
                                dptr = epos.bh->b_data + sizeof(struct 
allocExtDesc);
                                memcpy(dptr, sptr, adsize);
                                epos.offset = sizeof(struct allocExtDesc) + 
adsize;
                        } else {
                                loffset = epos.offset + adsize;
                                aed->lengthAllocDescs = cpu_to_le32(0);
-                               sptr = oepos.bh->b_data + epos.offset;
-                               epos.offset = sizeof(struct allocExtDesc);
-
                                if (oepos.bh) {
+                                       sptr = oepos.bh->b_data + epos.offset;
                                        aed = (struct allocExtDesc 
*)oepos.bh->b_data;
                                        aed->lengthAllocDescs =
                                                
cpu_to_le32(le32_to_cpu(aed->lengthAllocDescs) + adsize);
                                } else {
+                                       sptr = UDF_I_DATA(table) + epos.offset;
                                        UDF_I_LENALLOC(table) += adsize;
                                        mark_inode_dirty(table);
                                }
+                               epos.offset = sizeof(struct allocExtDesc);
                        }
                        if (UDF_SB_UDFREV(sb) >= 0x0200)
                                udf_new_tag(epos.bh->b_data, TAG_IDENT_AED, 3, 
1,
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to