btrfs-progs: fix null pointer deref in balance_level
In case the right buffer is emptied it's first set to NULL and subsequently it's dereferenced to get its size to pass to root_sub_used. This naturally leads to a NULL pointer dereference. The correct thing to do is to pass the stashed right->len in "blocksize". Issue: #296 Pull-request: #360 Reviewed-by: Josef Bacik <josef@toxicpanda.com> Signed-off-by: Nikolay Borisov <nborisov@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
This commit is contained in:
parent
c6b585034f
commit
0595309541
|
@ -927,7 +927,7 @@ static int balance_level(struct btrfs_trans_handle *trans,
|
|||
if (wret)
|
||||
ret = wret;
|
||||
|
||||
root_sub_used(root, right->len);
|
||||
root_sub_used(root, blocksize);
|
||||
wret = btrfs_free_extent(trans, root, bytenr,
|
||||
blocksize, 0,
|
||||
root->root_key.objectid,
|
||||
|
|
Loading…
Reference in New Issue