Hi Nickolai,<br><br>Thanks for reporting this issue, which seems to be a code bug here; the proper fix probably would be referencing &#39;dg&#39; after it has been assigned.<br><br>Regards,<br>Tristan<br><div class="gmail_quote">
On Wed, Jan 9, 2013 at 12:11 AM, Nickolai Zeldovich <span dir="ltr">&lt;<a href="mailto:nickolai@csail.mit.edu" target="_blank">nickolai@csail.mit.edu</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
It appears that if a user calls ioctl(OCFS2_IOC_MOVE_EXT) and does not<br>
set OCFS2_MOVE_EXT_FL_AUTO_DEFRAG in range.me_flags, the kernel will<br>
invoke ocfs2_validate_and_adjust_move_goal.  That function<br>
dereferences the &#39;bg&#39; pointer (initialized to NULL) before it assigns<br>
anything else to &#39;bg&#39;.<br>
<br>
One possible fix is to revert<br>
ea5e1675ac832b42889ac8d254ea8fbfbdfaa8b2, which is when the code in<br>
ocfs2_validate_and_adjust_move_goal was moved in a way that guaranteed<br>
a NULL pointer dereference.  But I don&#39;t fully understand what that<br>
change was trying to achieve.<br>
<br>
Nickolai.<br>
<br>
_______________________________________________<br>
Ocfs2-devel mailing list<br>
<a href="mailto:Ocfs2-devel@oss.oracle.com">Ocfs2-devel@oss.oracle.com</a><br>
<a href="https://oss.oracle.com/mailman/listinfo/ocfs2-devel" target="_blank">https://oss.oracle.com/mailman/listinfo/ocfs2-devel</a><br>
</blockquote></div><br>
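As an added illustration, not ocfs2's own code and not from either message in the thread, here is a reduced C model of the ordering defect reported above: a goal-validation routine that reads a block-group pointer while it is still NULL, beside the ordering that assigns and checks it before use, behind an ioctl-style dispatch that only runs validation when the auto-defrag flag is clear. All names, the flag value and the sample group geometry are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

#define MOVE_EXT_FL_AUTO_DEFRAG 0x1 /* stand-in for OCFS2_MOVE_EXT_FL_AUTO_DEFRAG */
#define ERR_INVAL 22                /* stand-in for -EINVAL */

struct block_group { unsigned long first_block; unsigned long bits; };

/* Constructed sample: a single block group covering blocks 0..1023. */
static struct block_group sample_bg = { 0, 1024 };

/* Stand-in for the lookup that assigns the group descriptor; NULL when the
 * requested goal falls outside every group. */
static struct block_group *lookup_goal_group(unsigned long goal)
{
    if (goal < sample_bg.first_block + sample_bg.bits)
        return &sample_bg;
    return NULL;
}

/* The pattern from the report: 'bg' starts NULL and is dereferenced before
 * the lookup assigns it. Shown for contrast only; calling it crashes. */
int validate_goal_buggy(unsigned long goal)
{
    struct block_group *bg = NULL;
    if (goal < bg->first_block)        /* NULL pointer dereference */
        return -ERR_INVAL;
    bg = lookup_goal_group(goal);
    return bg ? 0 : -ERR_INVAL;
}

/* Corrected ordering: assign first, reject a failed lookup, then use. */
int validate_goal_fixed(unsigned long goal)
{
    struct block_group *bg = lookup_goal_group(goal);
    if (bg == NULL)
        return -ERR_INVAL;
    if (goal < bg->first_block || goal >= bg->first_block + bg->bits)
        return -ERR_INVAL;
    return 0;
}

/* ioctl-style dispatch: validation runs only when AUTO_DEFRAG is not set. */
int move_ext_ioctl(unsigned flags, unsigned long goal)
{
    if (!(flags & MOVE_EXT_FL_AUTO_DEFRAG))
        return validate_goal_fixed(goal);
    return 0;
}

int main(void)
{
    printf("goal 500 -> %d, goal 5000 -> %d\n",
           move_ext_ioctl(0, 500), move_ext_ioctl(0, 5000));
    return 0;
}
```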