[Ocfs2-tools-devel] [PATCH] libocfs2: fulfill lookup with zero firstly in ocfs2_find_entry_dx

[Changwei Ge]

If ocfs2_find_entry_dx() fails with allocating memory or reading dx 
root, code path will jump to _out_ and try to release resources managed 
by lookup variable. However it is never initialized thus cause a crash 
issue.

Backtrace follows:

__GI___libc_free (mem=0x17) at malloc.c:2929
0x0000000000417e2c in ?? () at memory.c:59
0x00007ffd2c39e6f0 in ?? ()
0x000000000042a924 in release_lookup_res (res=0x17) at
dir_indexed.c:1502
0x0000000000417d1f in ocfs2_find_entry_dx (ls=0x7ffd2c39e730,
fs=0x2238300, di=<optimized out>,
buf=<optimized out>) at lookup.c:76
ocfs2_lookup (fs=0x2238300, dir=514, name=<optimized out>,
namelen=<optimized out>, buf=0x0,
inode=<optimized out>) at lookup.c:128
0x00000000004071ee in do_open (args=<optimized out>) at commands.c:746
0x000000000040775f in do_command (cmd=<optimized out>) at commands.c:346
0x0000000000403684 in main (argc=35877120, argv=0x7ffd2c39eb18) at
main.c:487

Signed-off-by: Kai Li <li.kai4 at h3c.com>
Signed-off-by: Changwei Ge <ge.changwei at h3c.com>
---
  libocfs2/lookup.c | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libocfs2/lookup.c b/libocfs2/lookup.c
index c217c12d0fea..a8d0f3c7fed3 100644
--- a/libocfs2/lookup.c
+++ b/libocfs2/lookup.c
@@ -73,6 +73,8 @@ static errcode_t ocfs2_find_entry_dx(ocfs2_filesys *fs,
  	struct ocfs2_dir_lookup_result lookup;
  	errcode_t ret;

+	memset(&lookup, 0, sizeof(struct ocfs2_dir_lookup_result));
+
  	ret = ocfs2_malloc_block(fs->fs_io, &dx_root_buf);
  	if (ret)
  		goto out;
@@ -81,7 +83,6 @@ static errcode_t ocfs2_find_entry_dx(ocfs2_filesys *fs,
  		goto out;
  	dx_root = (struct ocfs2_dx_root_block *)dx_root_buf;

-	memset(&lookup, 0, sizeof(struct ocfs2_dir_lookup_result));
  	ocfs2_dx_dir_name_hash(fs, ls->name,
  			ls->len, &lookup.dl_hinfo);

-- 
2.11.0