btrfs-corrupt-block added some untested path allocations. These showed up in static analysis when they pass their path to btrfs_search_slot() which unconditionally dereferences the path.
Signed-off-by: Zach Brown <[email protected]>
---
 btrfs-corrupt-block.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/btrfs-corrupt-block.c b/btrfs-corrupt-block.c
index 9e72ca8..018c23d 100644
--- a/btrfs-corrupt-block.c
+++ b/btrfs-corrupt-block.c
@@ -502,6 +502,9 @@ int corrupt_chunk_tree(struct btrfs_trans_handle *trans,
 struct extent_buffer *leaf;
 path = btrfs_alloc_path();
+ if (!path)
+ return -ENOMEM;
+
 key.objectid = (u64)-1;
 key.offset = (u64)-1;
 key.type = (u8)-1;
@@ -531,7 +534,7 @@ int corrupt_chunk_tree(struct btrfs_trans_handle *trans,
 if (ret)
 goto free_out;
 }
- btrfs_free_path(path);
+ btrfs_release_path(path);
 /* Here, cow and ins_len must equals 0 for the following reasons:
 * 1) chunk recover is based on disk scanning, so COW should be
@@ -540,7 +543,6 @@ int corrupt_chunk_tree(struct btrfs_trans_handle *trans,
 * 2) if cow = 0, ins_len must also be set to 0, or BUG_ON will be
 * triggered. */
- path = btrfs_alloc_path();
 ret = btrfs_search_slot(trans, root, &key, path, 0, 0);
 BUG_ON(ret == 0);
 if (ret < 0) {
@@ -720,6 +722,10 @@ int main(int ac, char **av)
 print_usage();
 del = rand() % 3;
 path = btrfs_alloc_path();
+ if (!path) {
+ fprintf(stderr, "path allocation failed\n");
+ goto out_close;
+ }
 if (find_chunk_offset(root->fs_info->chunk_root, path, logical) != 0) {
--
1.7.11.7
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
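Review bot: The switch from `btrfs_free_path()` to `btrfs_release_path()` in corrupt_chunk_tree leaves no hint that the path is deliberately kept alive for the `btrfs_search_slot()` call further down, now that the following hunk drops the second `btrfs_alloc_path()`. A short comment on the release line, e.g. `/* keep the allocation; the path is reused for the search below */`, would stop a later cleanup from turning it back into a free and handing a freed path to the search. The function body starts and ends outside both hunks, so whether `free_out` frees the path on every exit cannot be confirmed from here.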
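Review bot: The new `goto out_close` on allocation failure in main() does not set an exit status before jumping. Unless the value returned after `out_close` is already non-zero at this point (not visible in the hunk), the tool would report success without having corrupted anything. A test harness that relies on the exit code would then treat a no-op run as a completed fault injection. Setting the status before the jump, e.g. `ret = -ENOMEM;` if main's status variable is named `ret`, would close that gap. main's body and the `out_close` label are outside the hunk.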
