forked from Mirrors/btrfs-progs
btrfs-progs: check/original: Fix uninitialized stack memory access for deal_root_from_list()
[BUG]
With valgrind, fsck/002 test with original mode would report the
following valgrind error:

  ==90600== Conditional jump or move depends on uninitialised value(s)
  ==90600==    at 0x15C280: pick_next_pending (main.c:4949)
  ==90600==    by 0x15F3CF: run_next_block (main.c:6175)
  ==90600==    by 0x1655CC: deal_root_from_list (main.c:8486)
  ==90600==    by 0x1660C7: check_chunks_and_extents (main.c:8762)
  ==90600==    by 0x166439: do_check_chunks_and_extents (main.c:8842)
  ==90600==    by 0x169D0B: cmd_check (main.c:10324)
  ==90600==    by 0x11CDC6: cmd_execute (commands.h:125)
  ==90600==    by 0x11D712: main (btrfs.c:386)

[CAUSE]
The problem happens like this:

  deal_root_from_list(@list is empty)
  |- stack @last is not initialized
  |- while(!list_empty(list)) {} is skipped
  |- run_next_block(&last);
     |- pick_next_pending(*last);
        |- node_start = last;

Since the stack @last is not initialized in deal_root_from_list(), the
final node_start = last assignment would just fetch the garbage from
stack.

[FIX]
Fix the problem by initializing @last to 0, as that's exactly what the
first while loop did.

Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
parent e711c843df
commit 0a472ef887
|
@ -8442,7 +8442,7 @@ static int deal_root_from_list(struct list_head *list,
|
|||
struct device_extent_tree *dev_extent_cache)
|
||||
{
|
||||
int ret = 0;
|
||||
u64 last;
|
||||
u64 last = 0;
|
||||
|
||||
while (!list_empty(list)) {
|
||||
struct root_item_record *rec;
|
||||
|
|
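Review bot: The new initializer at `u64 last = 0;` has no comment explaining why 0 is the right start value, so the code alone reads like a warning silencer. The commit message gives the reason (the first while loop sets the same value, and with an empty @list that loop is skipped before run_next_block(&last) reads it), and a one-line comment at the declaration would keep that reasoning next to the code. It is also worth confirming in review that calling run_next_block() with last == 0 on an empty list is the intended behaviour, as opposed to returning early when `list_empty(list)` is true on entry.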