From 440ea2c06853dda4edff8ad5c67ae2af46d79a61 Mon Sep 17 00:00:00 2001
From: Zhang Yaqi
Date: Tue, 2 Jul 2024 10:10:53 +0800
Subject: [PATCH] fix double free on error in read_raid56

(cherry picked from commit 78d712e87e625ba3ff48afbf2358d76cc581e725)
---
 ...-double-free-on-error-in-read_raid56.patch | 41 +++++++++++++++++++
 btrfs-progs.spec | 6 ++-
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 0002-fix-double-free-on-error-in-read_raid56.patch

diff --git a/0002-fix-double-free-on-error-in-read_raid56.patch b/0002-fix-double-free-on-error-in-read_raid56.patch
new file mode 100644
index 0000000..4e96b54
--- /dev/null
+++ b/0002-fix-double-free-on-error-in-read_raid56.patch
@@ -0,0 +1,41 @@
+From 844caf8639826ed4ddc6dc7b3ba30bd19f9b21d8 Mon Sep 17 00:00:00 2001
+From: David Sterba
+Date: Thu, 4 Apr 2024 00:55:47 +0200
+Subject: [PATCH] btrfs-progs: fix double free on error in read_raid56()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reported by 'gcc -fanalyzer':
+kernel-shared/extent_io.c: In function ‘read_raid56’:
+./include/kerncompat.h:393:18: warning: dereference of NULL ‘pointers’ [CWE-476] [-Wanalyzer-null-dereference]
+
+After allocation of the pointers array fails it's dereferenced in the
+exit block. We can return immediately instead.
+
+Signed-off-by: David Sterba
+---
+ kernel-shared/extent_io.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/kernel-shared/extent_io.c b/kernel-shared/extent_io.c
+index f112983..2063c1d 100644
+--- a/kernel-shared/extent_io.c
++++ b/kernel-shared/extent_io.c
+@@ -807,10 +807,9 @@ static int read_raid56(struct btrfs_fs_info *fs_info, void *buf, u64 logical,
+ ASSERT(len <= BTRFS_STRIPE_LEN);
+ 
+ pointers = calloc(num_stripes, sizeof(void *));
+- if (!pointers) {
+- ret = -ENOMEM;
+- goto out;
+- }
++ if (!pointers)
++ return -ENOMEM;
++
+ /* Allocate memory for the full stripe */
+ for (i = 0; i < num_stripes; i++) {
+ pointers[i] = malloc(BTRFS_STRIPE_LEN);
+-- 
+2.27.0
+
diff --git a/btrfs-progs.spec b/btrfs-progs.spec
index bdcd25c..93fb211 100644
--- a/btrfs-progs.spec
+++ b/btrfs-progs.spec
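Review bot: The early `return -ENOMEM` that replaces `goto out` is only correct if nothing acquired before the `calloc()` in read_raid56() was released by the `out` block; the visible context shows just the ASSERT above the allocation, but the function's opening and the `out` label both lie outside the hunk, so that should be confirmed against the full function before the patch is carried. The embedded commit message describes the analyzer finding as a NULL dereference of `pointers` in the exit block (CWE-476), which is what the change prevents, yet the outer subject and the spec changelog call it a "double free"; the package-side wording should match the fix, e.g. `- fix NULL dereference of pointers on allocation failure in read_raid56()`. Since the new file is a vendored copy of the upstream commit, this wording note applies to the package metadata rather than the patch body itself.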
@@ -1,12 +1,13 @@ Name: btrfs-progs Version: 6.0 -Release: 2 +Release: 3 Summary: btrfs userspace programs License: GPLv2 and GPL+ and LGPL-2.1+ and GPL-3.0+ and LGPL-2.1 and MIT URL: https://btrfs.wiki.kernel.org/index.php/Main_Page Source0: https://www.kernel.org/pub/linux/kernel/people/kdave/%{name}/%{name}-v%{version}.tar.xz Patch0001: 0001-fix-exclusive-op-enqueue-timeout.patch +Patch0002: 0002-fix-double-free-on-error-in-read_raid56.patch BuildRequires: python3-devel >= 3.4 BuildRequires: libacl-devel, e2fsprogs-devel, libblkid-devel, libuuid-devel, zlib-devel, libzstd-devel, lzo-devel, systemd-devel @@ -72,6 +73,9 @@ make mandir=%{_mandir} bindir=%{_sbindir} libdir=%{_libdir} incdir=%{_includedir %{_mandir}/man8/*.gz %changelog +* Tue Jul 2 2024 zhangyaqi - 6.0-3 +- fix double free on error in read_raid56() + * Fri Apr 19 2024 cenhuilin - 6.0-2 - fix exclusive op enqueue timeout -- Gitee