On Thu, Sep 13, 2018 at 11:35:10AM +0300, Nikolay Borisov wrote:
> In btrfs_search_old_slot get_old_root is always used with the
> assumption it cannot fail. However, this is not true: in rare
> circumstances it can fail and return NULL. This will lead to a NULL
> pointer dereference when the header is read. Fix this by checking the
> return value and properly handling NULL by setting ret to -EIO and
> returning gracefully.
>
> CID: 1087503
> Signed-off-by: Nikolay Borisov <nbori...@suse.com>
Reviewed-by: Lu Fengqi <lufq.f...@cn.fujitsu.com> -- Thanks, Lu >--- > fs/btrfs/ctree.c | 4 ++++ > 1 file changed, 4 insertions(+) > >diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c >index 1124d236291d..a5399fd49c17 100644 >--- a/fs/btrfs/ctree.c >+++ b/fs/btrfs/ctree.c >@@ -2961,6 +2961,10 @@ int btrfs_search_old_slot(struct btrfs_root *root, >const struct btrfs_key *key, > > again: > b = get_old_root(root, time_seq); >+ if (!b) { >+ ret = -EIO; >+ goto done; >+ } > level = btrfs_header_level(b); > p->locks[level] = BTRFS_READ_LOCK; > >-- >2.7.4 > > >
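Review bot: the new `goto done` in the `again:` block jumps out before `level` is assigned and before `p->locks[level] = BTRFS_READ_LOCK` is set, so the `done:` path must not rely on `level`, `b`, or any lock having been taken on this iteration; please confirm that in the full function, since the hunk does not show the `done:` label, and consider noting it in a one-line comment above the check. Separately, the hunk hard-codes `ret = -EIO` for every NULL return of `get_old_root()` while the commit message only says it "can fail" in rare circumstances; if some of those failures are allocation rather than I/O related, `-EIO` will mislead callers, so either justify the choice in the commit message or propagate a more specific error from `get_old_root()` if it can provide one.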