[Cluster-devel] [PATCH] hexedit: avoid NULL dereference upon failed malloc

Steven Whitehouse swhiteho at redhat.com
Thu Jul 2 09:37:58 UTC 2009 

Hi,

Also looks good to me,

Steve.

On Fri, 2009-06-19 at 09:40 +0200, Jim Meyering wrote:
> The patch I posted yesterday didn't even compile (missing "&" in memset)
> Thanks to Andy Price for checking and reporting that.
> 
> Here's the corrected version:
> 
> >From 152dbe7a8961cebf355b2f648f813e0c74b5e25f Mon Sep 17 00:00:00 2001
> From: Jim Meyering <meyering at redhat.com>
> Date: Wed, 17 Jun 2009 16:54:03 +0200
> Subject: [PATCH] hexedit: avoid NULL dereference upon failed malloc
> 
> * gfs2/edit/hexedit.c (display_indirect): Avoid unchecked malloc
> by declaring more_indir on the stack.
> ---
>  gfs2/edit/hexedit.c |   14 ++++++--------
>  1 files changed, 6 insertions(+), 8 deletions(-)
> 
> diff --git a/gfs2/edit/hexedit.c b/gfs2/edit/hexedit.c
> index e8c6030..eef2a7a 100644
> --- a/gfs2/edit/hexedit.c
> +++ b/gfs2/edit/hexedit.c
> @@ -1477,13 +1477,12 @@ static int display_indirect(struct iinfo *ind, int indblocks, int level, uint64_
>  			file_offset = 0;
>  		if (!termlines && ((level + 1 < di.di_height) ||
>  				   (S_ISDIR(di.di_mode) && !level))) {
> -			struct iinfo *more_indir;
>  			int more_ind;
>  			char *tmpbuf;
>  			
> -			more_indir = malloc(sizeof(struct iinfo));
>  			tmpbuf = malloc(sbd.bsize);
>  			if (tmpbuf) {
> +				struct iinfo more_indir;
>  				lseek(sbd.device_fd,
>  				      ind->ii[pndx].block * sbd.bsize,
>  				      SEEK_SET);
> @@ -1498,20 +1497,19 @@ static int display_indirect(struct iinfo *ind, int indblocks, int level, uint64_
>  						(unsigned long long)ind->ii[pndx].block);
>  					exit(-1);
>  				}
> -				memset(more_indir, 0, sizeof(struct iinfo));
> +				memset(&more_indir, 0, sizeof(struct iinfo));
>  				if (S_ISDIR(di.di_mode)) {
> -					do_leaf_extended(tmpbuf, more_indir);
> -					display_leaf(more_indir);
> +					do_leaf_extended(tmpbuf, &more_indir);
> +					display_leaf(&more_indir);
>  				} else {
>  					more_ind = do_indirect_extended(tmpbuf,
> -									more_indir);
> -					display_indirect(more_indir,
> +									&more_indir);
> +					display_indirect(&more_indir,
>  							 more_ind, level + 1,
>  							 file_offset);
>  				}
>  				free(tmpbuf);
>  			}
> -			free(more_indir);
>  		}
>  		print_entry_ndx = pndx; /* restore after recursion */
>  		eol(0);

More information about the Cluster-devel mailing list