diff options
author | Jeff Layton <jlayton@redhat.com> | 2014-04-15 12:48:49 -0400 |
---|---|---|
committer | Steve French <smfrench@gmail.com> | 2014-04-16 22:54:30 -0500 |
commit | bae9f746a18ee31bbeeb25ae6615805ed6eca173 (patch) | |
tree | 8348a46f641e95a064eb42373023a4878666e8ba /fs | |
parent | 8e3ecc87695f4a7e9e217ebd55ca6a39b6a451b8 (diff) | |
download | op-kernel-dev-bae9f746a18ee31bbeeb25ae6615805ed6eca173.zip op-kernel-dev-bae9f746a18ee31bbeeb25ae6615805ed6eca173.tar.gz |
cifs: fix error handling cifs_user_readv
Coverity says:
*** CID 1202537: Dereference after null check (FORWARD_NULL)
/fs/cifs/file.c: 2873 in cifs_user_readv()
2867 cur_len = min_t(const size_t, len - total_read, cifs_sb->rsize);
2868 npages = DIV_ROUND_UP(cur_len, PAGE_SIZE);
2869
2870 /* allocate a readdata struct */
2871 rdata = cifs_readdata_alloc(npages,
2872 cifs_uncached_readv_complete);
>>> CID 1202537: Dereference after null check (FORWARD_NULL)
>>> Comparing "rdata" to null implies that "rdata" might be null.
2873 if (!rdata) {
2874 rc = -ENOMEM;
2875 goto error;
2876 }
2877
2878 rc = cifs_read_allocate_pages(rdata, npages);
...when we "goto error", rc will be non-zero, and then we end up trying
to do a kref_put on the rdata (which is NULL). Fix this by replacing
the "goto error" with a "break".
Reported-by: <scan-admin@coverity.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/cifs/file.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/cifs/file.c b/fs/cifs/file.c index d8ee762..a875eed 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -2882,7 +2882,7 @@ ssize_t cifs_user_readv(struct kiocb *iocb, const struct iovec *iov, cifs_uncached_readv_complete); if (!rdata) { rc = -ENOMEM; - goto error; + break; } rc = cifs_read_allocate_pages(rdata, npages); |