[patch 06/43] fuse: fix NULL deref in fuse_file_alloc()

From: Greg KH
Date: Fri Jan 30 2009 - 22:00:57 EST


2.6.28-stable review patch. If anyone has any objections, please let us know.

------------------

From: Dan Carpenter <error27@xxxxxxxxx>

commit bb875b38dc5e343bdb696b2eab8233e4d195e208 upstream.

ff is set to NULL and then dereferenced on line 65. Compile tested only.

Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
fs/fuse/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -54,7 +54,7 @@ struct fuse_file *fuse_file_alloc(void)
ff->reserved_req = fuse_request_alloc();
if (!ff->reserved_req) {
kfree(ff);
- ff = NULL;
+ return NULL;
} else {
INIT_LIST_HEAD(&ff->write_entry);
atomic_set(&ff->count, 0);
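
Review bot: with `return NULL;` now ending the `!ff->reserved_req` branch, the `else` that follows it is redundant. The `INIT_LIST_HEAD(&ff->write_entry);` and `atomic_set(&ff->count, 0);` lines could simply follow the early return, which would keep the failure path visibly separate from initialisation. For a stable backport, keeping the one-line change identical to the upstream commit is reasonable, so this is a style point for upstream. The changelog cites a dereference "on line 65", but the hunk context starts at line 54 and covers only seven lines, so the statement that touched `ff` after `kfree(ff)` is not visible here. Naming that statement in the commit message would let the fix be checked from the patch alone. Since the change is compile tested only, it would also help to exercise the path where `fuse_request_alloc()` fails before this goes into a release.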
