diff options
author | Joseph Qi <joseph.qi@huawei.com> | 2013-09-11 23:19:58 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-09-12 00:56:49 +0200 |
commit | 6cae6d3189ef34647bca9b9b1d240ebd760e5dea (patch) | |
tree | d6ee5de8ce6ca54b689ac132b7ba1ac0605d712f /fs/ocfs2/xattr.c | |
parent | ocfs2/dlm: force clean refmap when doing local cleanup (diff) | |
download | linux-6cae6d3189ef34647bca9b9b1d240ebd760e5dea.tar.xz linux-6cae6d3189ef34647bca9b9b1d240ebd760e5dea.zip |
ocfs2: fix possible double free in ocfs2_reflink_xattr_rec
In ocfs2_reflink_xattr_rec(), meta_ac and data_ac are allocated by calling
ocfs2_lock_reflink_xattr_rec_allocators().
Once an error occurs when allocating *data_ac, it frees *meta_ac which is
allocated before. Here it mistakenly sets meta_ac to NULL but *meta_ac.
Then ocfs2_reflink_xattr_rec() will try to free meta_ac again which is
already invalid.
Signed-off-by: Joseph Qi <joseph.qi@huawei.com>
Reviewed-by: Jie Liu <jeff.liu@oracle.com>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ocfs2/xattr.c')
-rw-r--r-- | fs/ocfs2/xattr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 18330f5b57be..6ce0686eab72 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -6802,7 +6802,7 @@ out: if (ret) { if (*meta_ac) { ocfs2_free_alloc_context(*meta_ac); - meta_ac = NULL; + *meta_ac = NULL; } } |