Menu
▾
▴
Re: [fuse-devel] Null deref in fuse_file_alloc()
|
From: Miklos S. <mi...@sz...> - 2009-01-26 13:02:02
|
On Tue, 20 Jan 2009, Dan Carpenter wrote:
> ff is set to NULL and then dereferenced on line 65. Compile tested only.
Thanks. Patch is now queued for 2.6.29.
Miklos
>
> regards,
> dan carpenter
>
> Signed-off-by: Dan Carpenter <er...@gm...>
>
> --- orig/fs/fuse/file.c 2009-01-20 12:33:03.000000000 +0300
> +++ devel/fs/fuse/file.c 2009-01-20 12:33:42.000000000 +0300
> @@ -54,7 +54,7 @@
> ff->reserved_req = fuse_request_alloc();
> if (!ff->reserved_req) {
> kfree(ff);
> - ff = NULL;
> + return NULL;
> } else {
> INIT_LIST_HEAD(&ff->write_entry);
> atomic_set(&ff->count, 0);
>
|