From 1fcf9043d30812893e075e2b3c6ec5a093fd9629 Mon Sep 17 00:00:00 2001
From: liuh
Date: Fri, 21 Jun 2024 09:10:29 +0800
Subject: [PATCH] btrfs-progs: fix freeing of device after error in btrfs_add_to_fsid()
---
 ...freeing-of-device-after-error-in-btr.patch | 42 +++++++++++++++++++
 btrfs-progs.spec | 6 ++-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 0005-btrfs-progs-fix-freeing-of-device-after-error-in-btr.patch
diff --git a/0005-btrfs-progs-fix-freeing-of-device-after-error-in-btr.patch b/0005-btrfs-progs-fix-freeing-of-device-after-error-in-btr.patch
new file mode 100644
index 0000000..fd967ba
--- /dev/null
+++ b/0005-btrfs-progs-fix-freeing-of-device-after-error-in-btr.patch
@@ -0,0 +1,42 @@
+From 27198a4c26f10f8cef222b6d3be4d1509ab055cb Mon Sep 17 00:00:00 2001
+From: David Sterba
+Date: Wed, 3 Apr 2024 23:10:22 +0200
+Subject: [PATCH] btrfs-progs: fix freeing of device after error in
+ btrfs_add_to_fsid()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reported by 'gcc -fanalyzer':
+common/device-scan.c:222:20: warning: dereference of NULL ‘device’ [CWE-476] [-Wanalyzer-null-dereference]
+
+If the allocation of device fails then we can't free device->zone_info
+at the out label. To fix that return immediately as it's at the
+beginning of the function.
+
+Signed-off-by: David Sterba
+---
+ common/device-scan.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/common/device-scan.c b/common/device-scan.c
+index c1cd726..630220a 100644
+--- a/common/device-scan.c
++++ b/common/device-scan.c
+@@ -144,10 +144,9 @@ int btrfs_add_to_fsid(struct btrfs_trans_handle *trans,
+ device_total_bytes = (device_total_bytes / sectorsize) * sectorsize;
+
+ device = calloc(1, sizeof(*device));
+- if (!device) {
+- ret = -ENOMEM;
+- goto out;
+- }
++ if (!device)
++ return -ENOMEM;
++
+ buf = calloc(1, sectorsize);
+ if (!buf) {
+ ret = -ENOMEM;
+--
+2.27.0
+
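Review bot: The new early `return -ENOMEM;` after `device = calloc(1, sizeof(*device));` bypasses the `out` label without any comment recording why that is safe. The hunk shows only the `device_total_bytes` rounding above the allocation, and both the start of btrfs_add_to_fsid() and its `out` label lie outside the hunk, so the safety rests on the commit message's statement that the check sits at the beginning of the function. I would add a comment above the check, for example `/* Nothing acquired yet; the out label dereferences device, so return directly. */`, so that a later change which allocates earlier does not reintroduce a leak or the NULL dereference that -fanalyzer reported (CWE-476). The `buf` failure path still jumps to `out`, which presumably relies on calloc() having zeroed `device->zone_info`; that is worth confirming against the full function.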
diff --git a/btrfs-progs.spec b/btrfs-progs.spec
index 97f6542..4af5de7 100644
--- a/btrfs-progs.spec
+++ b/btrfs-progs.spec
@@ -1,6 +1,6 @@
 Name: btrfs-progs
 Version: 6.6.3
-Release: 5
+Release: 6
 Summary: btrfs userspace programs
 License: GPLv2 and GPL+ and LGPL-2.1+ and GPL-3.0+ and LGPL-2.1 and MIT
 URL: https://btrfs.wiki.kernel.org/index.php/Main_Page
@@ -10,6 +10,7 @@ Patch0001: 0001-fix-exclusive-op-enqueue-timeout.patch
 Patch0002: 0002-subvolume-fix-return-value-when-the-target-exists.patch
 Patch0003: 0003-fix-memory-leak-on-exit-path-in-table-vprintf.patch
 Patch0004: 0004-btrfs-progs-scrub-status-only-report-limits-if-at-le.patch
+Patch0005: 0005-btrfs-progs-fix-freeing-of-device-after-error-in-btr.patch
 
 BuildRequires: python3-devel >= 3.4
 BuildRequires: libacl-devel, e2fsprogs-devel, libblkid-devel, libuuid-devel, zlib-devel, libzstd-devel, lzo-devel, systemd-devel
@@ -75,6 +76,9 @@ make mandir=%{_mandir} bindir=%{_sbindir} libdir=%{_libdir} incdir=%{_includedir
 %{_mandir}/man8/*.gz
 
 %changelog
+* Fri Jun 21 2024 liuh - 6.6.3-6
+- backport patch fix null dereference risk
+
 * Thu Jun 6 2024 liuh - 6.6.3-5
 - backport patch from community
 
-- Gitee
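Review bot: Nothing in these hunks shows that Patch0005 is actually applied during %prep, so the fix could be declared in the package without being built into it. The `+Patch0005:` line only registers the file; if %prep (outside the hunks) uses `%autosetup` or `%autopatch` it is picked up automatically, but if the earlier patches are applied with explicit `%patch` lines a matching `%patch0005 -p1` is needed. Please confirm this against the full spec. The changelog entry could also name the upstream commit (27198a4c26f1 per the patch header) so the backport stays traceable.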