Google Git
Sign in
android-kvm / linux / 884ea892763d4dfba509743f65961c782c0442db^! / .
commit884ea892763d4dfba509743f65961c782c0442db[log] [tgz]
authorSage Weil <sage@newdream.net>Mon Nov 22 22:58:06 2010 -0800
committerSage Weil <sage@newdream.net>Wed Dec 01 14:15:31 2010 -0800
tree92a7f5b67aa06cf32457ccb2b69c28c528a48c15
parent3561d43fd289f590fdae672e5eb831b8d5cf0bf6 [diff]
ceph: avoid possible null deref in readdir after dir llseek

last may be NULL, but we dereference it in the else branch without
checking.  Normally it doesn't trigger because last == NULL when fpos == 2,
but it could happen on a newly opened dir if the user seeks forward.

Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Sage Weil <sage@newdream.net>

diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
index 7d447af..158c700 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c

@@ -114,8 +114,8 @@
 	spin_lock(&dcache_lock);
 
 	/* start at beginning? */
-	if (filp->f_pos == 2 || (last &&
-				 filp->f_pos < ceph_dentry(last)->offset)) {
+	if (filp->f_pos == 2 || last == NULL ||
+	    filp->f_pos < ceph_dentry(last)->offset) {
 		if (list_empty(&parent->d_subdirs))
 			goto out_unlock;
 		p = parent->d_subdirs.prev;