[Ocfs2-devel] NULL pointer deref in OCFS2_IOC_MOVE_EXT

Tristan Ye tye.kernel at gmail.com
Tue Jan 22 04:03:09 PST 2013


Hi Nickolai,

Thanks for reporting this issue, which seems to be a code bug here. The
proper fix probably might be referencing 'dg' after it has been assigned.

Regards,
Tristan
On Wed, Jan 9, 2013 at 12:11 AM, Nickolai Zeldovich
<nickolai at csail.mit.edu> wrote:

> It appears that if a user calls ioctl(OCFS2_IOC_MOVE_EXT) and does not
> set OCFS2_MOVE_EXT_FL_AUTO_DEFRAG in range.me_flags, the kernel will
> invoke ocfs2_validate_and_adjust_move_goal.  That function
> dereferences the 'bg' pointer (initialized to NULL) before it assigns
> anything else to 'bg'.
>
> One possible fix is to revert
> ea5e1675ac832b42889ac8d254ea8fbfbdfaa8b2, which is when the code in
> ocfs2_validate_and_adjust_move_goal was moved in a way that guaranteed
> a NULL pointer dereference.  But I don't fully understand what that
> change was trying to achieve.
>
> Nickolai.