From b8017d2957fb0ebf0c2aa91d48f2465f6f799738 Mon Sep 17 00:00:00 2001
From: Alexey Khoroshilov
Date: Wed, 8 Aug 2012 21:02:37 +0400
Subject: exofs: check for allocation failure in uri_store()

There is no memory allocation failure check in uri_store(). That can lead to NULL pointer dereference. Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov
Signed-off-by: Boaz Harrosh
---
 fs/exofs/sys.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'fs')
diff --git a/fs/exofs/sys.c b/fs/exofs/sys.c
index 5a7b691..1b4f2f9 100644
--- a/fs/exofs/sys.c
+++ b/fs/exofs/sys.c
@@ -80,8 +80,13 @@ static ssize_t uri_show(struct exofs_dev *edp, char *buf)
 
 static ssize_t uri_store(struct exofs_dev *edp, const char *buf, size_t len)
 {
+ uint8_t *new_uri;
+
 edp->urilen = strlen(buf) + 1;
- edp->uri = krealloc(edp->uri, edp->urilen, GFP_KERNEL);
+ new_uri = krealloc(edp->uri, edp->urilen, GFP_KERNEL);
+ if (new_uri == NULL)
+ return -ENOMEM;
+ edp->uri = new_uri;
 strncpy(edp->uri, buf, edp->urilen);
 return edp->urilen;
 }
-- 
cgit v1.1

From 74b217d0d3a46132fb61adab91d53c57e0d8f68a Mon Sep 17 00:00:00 2001
From: Dan Carpenter
Date: Tue, 2 Oct 2012 11:28:45 +0300
Subject: ore: signedness bug in _sp2d_min_pg()

This for loop doesn't work correctly when "p" is unsigned.
Signed-off-by: Dan Carpenter
---
 fs/exofs/ore_raid.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'fs')
diff --git a/fs/exofs/ore_raid.c b/fs/exofs/ore_raid.c
index 5f376d1..b963f38 100644
--- a/fs/exofs/ore_raid.c
+++ b/fs/exofs/ore_raid.c
@@ -203,7 +203,7 @@ static unsigned _sp2d_min_pg(struct __stripe_pages_2d *sp2d)
 
 static unsigned _sp2d_max_pg(struct __stripe_pages_2d *sp2d)
 {
- unsigned p;
+ int p;
 
 for (p = sp2d->pages_in_unit - 1; p >= 0; --p) {
 struct __1_page_stripe *_1ps = &sp2d->_1p_stripes[p];
-- 
cgit v1.1
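Review bot: In uri_store(), `edp->urilen` is overwritten with the new length before krealloc() is known to have succeeded, so the added `return -ENOMEM` path leaves `edp->uri` pointing at the old, possibly shorter buffer while `edp->urilen` already describes the new one. A later reader that trusts `urilen` could then read past the old allocation; uri_show() is only named in the hunk header and its body is not shown, so that consequence is inferred. Keep the length in a local and commit both fields only after the check: `new_len = strlen(buf) + 1;`, `new_uri = krealloc(edp->uri, new_len, GFP_KERNEL);`, and after the NULL test `edp->urilen = new_len;`.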
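Review bot: The new `int p;` in _sp2d_max_pg() (fs/exofs/ore_raid.c) has to stay signed for `p >= 0` ever to be false, and nothing on the line says so. A later cleanup back to `unsigned` would let the loop wrap past zero and index `sp2d->_1p_stripes[p]` far out of bounds. I would add a short comment, for example `int p; /* signed: the loop ends when p drops below 0 */`. The type of `pages_in_unit` is not visible here; if it is unsigned, it is worth confirming that its value always fits in an int. The loop body and the function's return continue outside the hunk.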