summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wilcox <mawilcox@microsoft.com>2017-01-30 22:22:30 +0100
committerMatthew Wilcox <mawilcox@microsoft.com>2017-02-14 03:44:05 +0100
commitf7137f79c57f228321dde2ab4586015504feaaac (patch)
tree2e8fb8bf6e705b3b002f9f2d41b286b76571caff
parentradix-tree: Store a pointer to the root in each node (diff)
downloadlinux-f7137f79c57f228321dde2ab4586015504feaaac.tar.xz
linux-f7137f79c57f228321dde2ab4586015504feaaac.zip
radix_tree_iter_resume: Fix out of bounds error
The address sanitizer occasionally finds an out of bounds error while running the test-suite. It turned out to be a read of the pointer immediately next to the tree root, but this out of bounds error could have occurred elsewhere. This happens because radix_tree_iter_resume() dereferences 'slot' before checking whether we've come to the end of the chunk. We can just delete this line; the value was never used. Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
-rw-r--r--lib/radix-tree.c1
1 files changed, 0 insertions, 1 deletions
diff --git a/lib/radix-tree.c b/lib/radix-tree.c
index dcb9a2329e65..c1c079ffadcd 100644
--- a/lib/radix-tree.c
+++ b/lib/radix-tree.c
@@ -1685,7 +1685,6 @@ void **radix_tree_iter_resume(void **slot, struct radix_tree_iter *iter)
slot++;
iter->index = __radix_tree_iter_add(iter, 1);
- node = rcu_dereference_raw(*slot);
skip_siblings(&node, slot, iter);
iter->next_index = iter->index;
iter->tags = 0;