From c6d2d05ee6ff4f2ea7e60df00b2d36073cced30b Mon Sep 17 00:00:00 2001
From: David Sterba
Date: Thu, 4 Apr 2024 01:29:36 +0200
Subject: [PATCH] libbtrfsutil: pass temporary subvol info buffer in btrfs_util_deleted_subvolumes_fd()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported by 'gcc -fanalyzer':
libbtrfsutil/subvolume.c:415:20: warning: dereference of NULL ‘subvol’ [CWE-476] [-Wanalyzer-null-dereference]
The analyzer found a path where the NULL pointer passed as argument to btrfs_util_subvolume_info_fd() could be dereferenced. This is unlikely unless there's a corruption on the disk as the header->offset would have to be 0. Pass a valid temporary buffer so this does not happen but there's no use of it otherwise.
Signed-off-by: David Sterba
---
 libbtrfsutil/subvolume.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libbtrfsutil/subvolume.c b/libbtrfsutil/subvolume.c
index 5a836e65..cc3cca5f 100644
--- a/libbtrfsutil/subvolume.c
+++ b/libbtrfsutil/subvolume.c
@@ -1739,6 +1739,7 @@ PUBLIC enum btrfs_util_error btrfs_util_deleted_subvolumes_fd(int fd,
 *n = 0;
 for (;;) {
 const struct btrfs_ioctl_search_header *header;
+ struct btrfs_util_subvolume_info subvol;

 if (items_pos >= search.key.nr_items) {
 search.key.nr_items = 4096;
@@ -1760,7 +1761,7 @@ PUBLIC enum btrfs_util_error btrfs_util_deleted_subvolumes_fd(int fd,
 * The orphan item might be for a free space cache inode, so
 * check if there's a matching root item.
 */
- err = btrfs_util_subvolume_info_fd(fd, header->offset, NULL);
+ err = btrfs_util_subvolume_info_fd(fd, header->offset, &subvol);
 if (!err) {
 if (*n >= capacity) {
 size_t new_capacity;
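Review bot: The call `btrfs_util_subvolume_info_fd(fd, header->offset, &subvol)` in the second hunk still forwards `header->offset` unchecked, so the corrupted on-disk value the commit message names as the trigger (0) is now absorbed by the scratch struct instead of being rejected. The callee is not visible here, but if an id of 0 resolves to some existing subvolume, `err` would be 0 and a bogus id would be appended to the returned list; consider treating `header->offset == 0` as an invalid orphan item before the call, taking care with whatever advances `items_pos` later in the loop (the loop body continues outside the hunk). Any other caller that passes NULL, if one exists, stays exposed to the same analyzer path, so a NULL guard or a documented non-NULL contract in the callee would be the more complete fix. On the declaration added in the first hunk I would put `/* scratch output only, never read; keeps the callee from writing through NULL */`.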