author | Lucas C. Villa Real <lucasvr@gmail.com> | 2017-01-09 15:43:26 -0200 |
---|---|---|
committer | Jeff Mahoney <jeffm@suse.com> | 2017-01-09 13:39:43 -0500 |
commit | 5f0e56b0ac13b1ef61beaccf65d34545c1f5d263 (patch) | |
tree | 29ae9d5021182bdf82746fcf718a8da053378761 | |
parent | 14b57362f75cd5ec72299fe895ba3521b4828011 (diff) | |
download | reiserfsprogs-5f0e56b0ac13b1ef61beaccf65d34545c1f5d263.tar.gz |
Fixes a NULL pointer dereference in reiserfsck. buffer_info_init_bh()
is called with a NULL "tb" argument, but the inline implementation of that
function was not prepared to handle it:
Core was generated by `/Data/Compile/Sources/reiserfsprogs-3.6.25/fsck/.libs/lt-reiserfsck --fix-fixab'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fe0d63ef48d in buffer_info_init_bh (tb=0x0, bi=0x7fff03ad3630, bh=0xb60db0) at ../include/reiserfs_fs.h:1584
1584 bi->bi_fs = tb->tb_fs;
(gdb) bt
#0 0x00007fe0d63ef48d in buffer_info_init_bh (tb=0x0, bi=0x7fff03ad3630, bh=0xb60db0) at ../include/reiserfs_fs.h:1584
#1 0x00007fe0d63f21f9 in delete_item (fs=0xb40710, bh=0xb60db0, item_num=0) at lbalance.c:1157
#2 0x000000000040a3aa in pass0_correct_leaf (fs=0xb40710, bh=0xb60db0) at pass0.c:768
#3 0x000000000040deab in do_pass_0 (fs=0xb40710) at pass0.c:1928
#4 0x000000000040f74f in misc_set_bit (nr=4257615, addr=0x7fff03ad3770) at ../include/misc.h:94
#5 0x0000000000406cb0 in rebuild_tree (fs=0xb40710) at main.c:941
#6 0x00000000004088ba in misc_set_bit (nr=140733255074915, addr=0x42a630 <__libc_csu_init+64>) at ../include/misc.h:92
#7 0x00007fe0d5e58291 in __libc_start_main (main=0x4081a4 <main+64>, argc=7, argv=0x7fff03ad38e8, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7fff03ad38d8) at ../csu/libc-start.c:289
#8 0x00000000004048ca in deregister_tm_clones ()
#9 0x00007fff03ad38d8 in ?? ()
#10 0x000000000000001c in ?? ()
#11 0x0000000000000007 in ?? ()
#12 0x00007fff03ad43ec in ?? ()
#13 0x00007fff03ad4430 in ?? ()
#14 0x00007fff03ad443e in ?? ()
#15 0x00007fff03ad4446 in ?? ()
#16 0x00007fff03ad444c in ?? ()
#17 0x00007fff03ad4454 in ?? ()
#18 0x00007fff03ad4463 in ?? ()
#19 0x0000000000000000 in ?? ()
(gdb) up
#1 0x00007fe0d63f21f9 in delete_item (fs=0xb40710, bh=0xb60db0, item_num=0) at lbalance.c:1157
1157 buffer_info_init_bh(NULL, &bi, bh);
Signed-off-by: Lucas C. Villa Real <lucasvr@gobolinux.org>
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
-rw-r--r-- | include/reiserfs_fs.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/reiserfs_fs.h b/include/reiserfs_fs.h
index bbf50db..a128017 100644
--- a/include/reiserfs_fs.h
+++ b/include/reiserfs_fs.h
@@ -1581,7 +1581,7 @@ static inline void buffer_info_init_bh(const struct tree_balance *tb,
 				       struct buffer_info *bi,
 				       struct buffer_head *bh)
 {
-	bi->bi_fs = tb->tb_fs;
+	bi->bi_fs = tb ? tb->tb_fs : NULL;
 	bi->bi_bh = bh;
 	bi->bi_parent = NULL;
 	bi->bi_position = 0;
|
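Review bot: The added ternary stops the crash at the `bi->bi_fs = tb->tb_fs;` line, but it does so by leaving `bi->bi_fs` NULL for the `delete_item(fs, bh, item_num)` caller shown in the backtrace, so any later reader of `bi->bi_fs` on that path inherits the same NULL dereference; whether such a reader exists is not visible in this hunk. Since that caller already holds `fs`, it seems safer to have it set `bi.bi_fs = fs;` right after the `buffer_info_init_bh(NULL, &bi, bh);` call at lbalance.c:1157, or to add an explicit `fs` parameter rather than relying on a NULL placeholder. At minimum the contract should be recorded above the assignment, e.g. `/* tb may be NULL (pass0 calls delete_item() without a tree_balance); bi_fs is then NULL and must not be dereferenced by consumers */`. The closing brace of buffer_info_init_bh lies outside the hunk.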