Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

ntfs: fix uninitialized pointer in ntfs_write_mft_block

Smatch reported that the variable rl could be used uninitialized in
ntfs_write_mft_block(). After analyzing the code,
when vol->cluster_size == NTFS_BLOCK_SIZE (512), it is smaller than
folio_size, so rl is guaranteed to be initialized. If vol->cluster_size
is larger, the condition to access rl becomes false, so a runtime error is
not expected to occur. However, to make the static checker happy,
this patch initializes rl to NULL and adds an explicit check before
its usage.

Reported-by: Dan Carpenter <error27@gmail.com>
Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>

+2 -2
fs/ntfs/mft.c
··· 2714 2714 s64 vcn = ntfs_pidx_to_cluster(vol, folio->index); 2715 2715 s64 end_vcn = ntfs_bytes_to_cluster(vol, ni->allocated_size); 2716 2716 unsigned int folio_sz; 2717 - struct runlist_element *rl; 2717 + struct runlist_element *rl = NULL; 2718 2718 loff_t i_size = i_size_read(vi); 2719 2719 2720 2720 ntfs_debug("Entering for inode 0x%llx, attribute type 0x%x, folio index 0x%lx.", ··· 2820 2820 2821 2821 if (vol->cluster_size == NTFS_BLOCK_SIZE && 2822 2822 (mft_record_off || 2823 - rl->length - (vcn_off - rl->vcn) == 1 || 2823 + (rl && rl->length - (vcn_off - rl->vcn) == 1) || 2824 2824 mft_ofs + NTFS_BLOCK_SIZE >= PAGE_SIZE)) 2825 2825 folio_sz = NTFS_BLOCK_SIZE; 2826 2826 else
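Review bot: The `= NULL` initializer on `struct runlist_element *rl` (line 2717) has no accompanying comment, and initializing at the declaration also suppresses uninitialized-use warnings for any other use of `rl` in ntfs_write_mft_block(), not only the one Smatch flagged. Consider a one-line comment at the declaration recording when rl is guaranteed to be set (the commit message says this holds when vol->cluster_size == NTFS_BLOCK_SIZE), so the NULL default is not mistaken for a meaningful state.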
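Review bot: In the condition at line 2823, `(rl && rl->length - (vcn_off - rl->vcn) == 1)` evaluates to false when rl is NULL, so evaluation quietly moves on to the `mft_ofs + NTFS_BLOCK_SIZE >= PAGE_SIZE` operand and possibly the else branch. The commit message states rl is always initialized when vol->cluster_size == NTFS_BLOCK_SIZE, so a NULL rl at this point would mean that invariant was broken; a WARN_ON_ONCE(!rl) inside the cluster_size == NTFS_BLOCK_SIZE case, or a comment documenting the invariant next to the check, would surface that instead of silently changing which folio_sz is chosen.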