xfs: check _alloc_read_agf buffer pointer before using
authorDarrick J. Wong <darrick.wong@oracle.com>
Mon, 17 Jul 2017 21:30:57 +0000 (14:30 -0700)
committerDarrick J. Wong <darrick.wong@oracle.com>
Thu, 20 Jul 2017 21:42:33 +0000 (14:42 -0700)
In some circumstances, _alloc_read_agf can return an error code of zero
but also a null AGF buffer pointer.  Check for this and jump out.

Fixes-coverity-id: 1415250
Fixes-coverity-id: 1415320
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
fs/xfs/libxfs/xfs_refcount.c
fs/xfs/xfs_reflink.c

index 900ea231f9a3d3d0e8bbbf9bb0f43e24f342f3e2..45b1c3b4e047b1682ded2e0aca55f7160163986e 100644 (file)
@@ -1638,6 +1638,10 @@ xfs_refcount_recover_cow_leftovers(
        error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
        if (error)
                goto out_trans;
+       if (!agbp) {
+               error = -ENOMEM;
+               goto out_trans;
+       }
        cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);
 
        /* Find all the leftover CoW staging extents. */
index d9b3d57a1921f1576222cee33fd446c84c1cf2b9..f45fbf0db9bbea2cfb9578afd76de61b44bc7285 100644 (file)
@@ -170,6 +170,8 @@ xfs_reflink_find_shared(
        error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
        if (error)
                return error;
+       if (!agbp)
+               return -ENOMEM;
 
        cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);