diff options
author | Anton Altaparmakov <anton@tuxera.com> | 2011-01-28 20:45:28 +0000 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-01-31 12:58:11 +1000 |
commit | af5eb745efe97d91d2cbe793029838b3311c15da (patch) | |
tree | c2e410318a3f38928255ebf9ab18332b871e17f0 /Documentation/filesystems/ntfs.txt | |
parent | 9fbf0c08d441888b977f7c459c8aa57f2c0cb6ad (diff) | |
download | op-kernel-dev-af5eb745efe97d91d2cbe793029838b3311c15da.zip op-kernel-dev-af5eb745efe97d91d2cbe793029838b3311c15da.tar.gz |
NTFS: Fix invalid pointer dereference in ntfs_mft_record_alloc().
In ntfs_mft_record_alloc() when mapping the new extent mft record with
map_extent_mft_record() we overwrite @m with the return value and on
error, we then try to use the old @m but that is no longer there as @m
now contains an error code instead so we crash when dereferencing the
error code as if it were a pointer.
The simple fix is to use a temporary variable to store the return value
thus preserving the original @m for later use. This is a backport from
the commercial Tuxera-NTFS driver and is well tested...
Thanks go to Julia Lawall for pointing this out (whilst I had fixed it
in the commercial driver I had failed to fix it in the Linux kernel).
Signed-off-by: Anton Altaparmakov <anton@tuxera.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'Documentation/filesystems/ntfs.txt')
-rw-r--r-- | Documentation/filesystems/ntfs.txt | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Documentation/filesystems/ntfs.txt b/Documentation/filesystems/ntfs.txt index 6ef8cf3..933bc66 100644 --- a/Documentation/filesystems/ntfs.txt +++ b/Documentation/filesystems/ntfs.txt @@ -460,6 +460,8 @@ Note, a technical ChangeLog aimed at kernel hackers is in fs/ntfs/ChangeLog. 2.1.30: - Fix writev() (it kept writing the first segment over and over again instead of moving onto subsequent segments). + - Fix crash in ntfs_mft_record_alloc() when mapping the new extent mft + record failed. 2.1.29: - Fix a deadlock when mounting read-write. 2.1.28: |