Re: [PATCH v2] Fix NULL pointer dereference in bl_free_device().

Christoph Hellwig Thu, 21 Jul 2016 01:10:27 -0700

On Tue, Jul 19, 2016 at 05:39:04PM +0200, Artem Savkov wrote:
> When bl_parse_deviceid() fails in bl_alloc_deviceid_node() on
> blkdev_get_by_*() step we get an pnfs_block_dev struct that is
> uninitialized except for bdev field which is set to whatever error
> blkdev_get_by_*() returns.  bl_free_device() then tries to call
> blkdev_put() if bdev is not 0 resulting in a wrong pointer dereference.
> 
> Fixing this by making sure bdev is not an error code in bl_free_device().
> 
> Signed-off-by: Artem Savkov <asav...@redhat.com>


I guess this is fine to be defensive, but we should probably just ensure
->bdev is NULLed on failure.

Re: [PATCH v2] Fix NULL pointer dereference in bl_free_device().

Reply via email to