There is no check for udf_tgetblk(), which could return NULL, in udf_symlink(). So there is a possibility of it returning NULL under heavy memory pressure and a possibility of a NULL dereference.
Signed-off-by: Changwoo Min <[email protected]>
---
 fs/udf/namei.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fs/udf/namei.c b/fs/udf/namei.c
index 33b246b..ed2f221 100644
--- a/fs/udf/namei.c
+++ b/fs/udf/namei.c
@@ -902,6 +902,10 @@ static int udf_symlink(struct inode *dir, struct dentry *dentry,
 iinfo->i_location.partitionReferenceNum, 0);
 epos.bh = udf_tgetblk(sb, block);
+ if (!epos.bh) {
+ err = -ENOMEM;
+ goto out_no_entry;
+ }
 lock_buffer(epos.bh);
 memset(epos.bh->b_data, 0x00, bsize);
 set_buffer_uptodate(epos.bh);
-- 
1.9.1
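Review bot: the new `goto out_no_entry` in this hunk jumps to a label that is not visible here, so please confirm that the out_no_entry path unwinds everything set up before the udf_tgetblk() call, in particular the `block` that was looked up via udf_get_pblock() just above (and whatever allocation produced it) and the inode that `iinfo` belongs to; if out_no_entry only releases the inode, the block stays allocated on this new failure path. Returning -ENOMEM is consistent with the commit message's rationale that udf_tgetblk() fails under memory pressure. Leaving `epos.bh` NULL is safe for any later brelse(epos.bh) on the error path, since brelse() tolerates a NULL argument, so no extra cleanup is needed for the buffer head itself.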

