From 91f5f22d7d00077b797a99b74f682abdb1b7323d Mon Sep 17 00:00:00 2001 From: Zach Brown Date: Mon, 7 Oct 2013 14:42:54 -0700 Subject: [PATCH] btrfs-progs: check path alloc in corrupt block btrfs-corrupt-block added some untested path allocations. These showed up in static analysis when they pass their path to btrfs_search_slot() which unconditionally dereferences the path. Signed-off-by: Zach Brown Signed-off-by: David Sterba Signed-off-by: Chris Mason --- btrfs-corrupt-block.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/btrfs-corrupt-block.c b/btrfs-corrupt-block.c index c4f80fca..b40a529b 100644 --- a/btrfs-corrupt-block.c +++ b/btrfs-corrupt-block.c @@ -601,6 +601,9 @@ int corrupt_chunk_tree(struct btrfs_trans_handle *trans, struct extent_buffer *leaf; path = btrfs_alloc_path(); + if (!path) + return -ENOMEM; + key.objectid = (u64)-1; key.offset = (u64)-1; key.type = (u8)-1; @@ -630,7 +633,7 @@ int corrupt_chunk_tree(struct btrfs_trans_handle *trans, if (ret) goto free_out; } - btrfs_free_path(path); + btrfs_release_path(path); /* Here, cow and ins_len must equals 0 for the following reasons: * 1) chunk recover is based on disk scanning, so COW should be @@ -639,7 +642,6 @@ int corrupt_chunk_tree(struct btrfs_trans_handle *trans, * 2) if cow = 0, ins_len must also be set to 0, or BUG_ON will be * triggered. */ - path = btrfs_alloc_path(); ret = btrfs_search_slot(trans, root, &key, path, 0, 0); BUG_ON(ret == 0); if (ret < 0) { @@ -829,6 +831,10 @@ int main(int ac, char **av) print_usage(); del = rand() % 3; path = btrfs_alloc_path(); + if (!path) { + fprintf(stderr, "path allocation failed\n"); + goto out_close; + } if (find_chunk_offset(root->fs_info->chunk_root, path, logical) != 0) {