RepoMirrors
/
btrfs-progs
mirror of https://github.com/kdave/btrfs-progs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

libbtrfsutil: pass temporary subvol info buffer in btrfs_util_deleted_subvolumes_fd() 

Reported by 'gcc -fanalyzer':
libbtrfsutil/subvolume.c:415:20: warning: dereference of NULL ‘subvol’ [CWE-476] [-Wanalyzer-null-dereference]

The analyzer found a path where the NULL pointer passed as argument to
btrfs_util_subvolume_info_fd() could be dereferenced. This is unlikely
unless there's a corruption on the disk as the header->offset would have
to be 0. Pass a valid temporary buffer so this does not happen but
there's no use of it otherwise.

Signed-off-by: David Sterba <dsterba@suse.com>
This commit is contained in:
David Sterba 2024-04-04 01:29:36 +02:00
parent c17d3b2969
commit c6d2d05ee6
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libbtrfsutil/subvolume.c
View File

@ -1739,6 +1739,7 @@ PUBLIC enum btrfs_util_error btrfs_util_deleted_subvolumes_fd(int fd,
*n = 0;
for (;;) {
const struct btrfs_ioctl_search_header *header;
struct btrfs_util_subvolume_info subvol;
if (items_pos >= search.key.nr_items) {
search.key.nr_items = 4096;
@ -1760,7 +1761,7 @@ PUBLIC enum btrfs_util_error btrfs_util_deleted_subvolumes_fd(int fd,
* The orphan item might be for a free space cache inode, so
* check if there's a matching root item.
*/
err = btrfs_util_subvolume_info_fd(fd, header->offset, NULL);
err = btrfs_util_subvolume_info_fd(fd, header->offset, &subvol);
if (!err) {
if (*n >= capacity) {
size_t new_capacity;