Skip to content

Commit e28f376

Browse files
Prince Kumar Mauryagregkh
Prince Kumar Maurya
authored and
gregkh
committed
fs/sysv: Null check to prevent null-ptr-deref bug
commit ea2b62f upstream. sb_getblk(inode->i_sb, parent) return a null ptr and taking lock on that leads to the null-ptr-deref bug. Reported-by: syzbot+aad58150cbc64ba41bdc@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=aad58150cbc64ba41bdc Signed-off-by: Prince Kumar Maurya <princekumarmaurya06@gmail.com> Message-Id: <20230531013141.19487-1-princekumarmaurya06@gmail.com> Signed-off-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 parent e0a30f9 commit e28f376

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

fs/sysv/itree.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -145,6 +145,10 @@ static int alloc_branch(struct inode *inode,
145145
*/
146146
parent = block_to_cpu(SYSV_SB(inode->i_sb), branch[n-1].key);
147147
bh = sb_getblk(inode->i_sb, parent);
148+
if (!bh) {
149+
sysv_free_block(inode->i_sb, branch[n].key);
150+
break;
151+
}
148152
lock_buffer(bh);
149153
memset(bh->b_data, 0, blocksize);
150154
branch[n].bh = bh;

0 commit comments

Comments
 (0)