cifs: fix error handling cifs_user_readv
author Jeff Layton <jlayton@redhat.com>
Tue, 15 Apr 2014 16:48:49 +0000 (12:48 -0400)
committer Steve French <smfrench@gmail.com>
Thu, 17 Apr 2014 03:54:30 +0000 (22:54 -0500)
Coverity says:

*** CID 1202537:  Dereference after null check  (FORWARD_NULL)
/fs/cifs/file.c: 2873 in cifs_user_readv()
2867      cur_len = min_t(const size_t, len - total_read, cifs_sb->rsize);
2868      npages = DIV_ROUND_UP(cur_len, PAGE_SIZE);
2869
2870      /* allocate a readdata struct */
2871      rdata = cifs_readdata_alloc(npages,
2872          cifs_uncached_readv_complete);
>>>     CID 1202537:  Dereference after null check  (FORWARD_NULL)
>>>     Comparing "rdata" to null implies that "rdata" might be null.
2873      if (!rdata) {
2874      rc = -ENOMEM;
2875      goto error;
2876      }
2877
2878      rc = cifs_read_allocate_pages(rdata, npages);

...when we "goto error", rc will be non-zero, and then we end up trying
to do a kref_put on the rdata (which is NULL). Fix this by replacing
the "goto error" with a "break".

Reported-by: <scan-admin@coverity.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
fs/cifs/file.c

index d8ee76241b649c80222438d4265829114473b462..a875eedfd928e7d33016f03f1aac0db83087fe7d 100644 (file)
@@ -2882,7 +2882,7 @@ ssize_t cifs_user_readv(struct kiocb *iocb, const struct iovec *iov,
                                            cifs_uncached_readv_complete);
                if (!rdata) {
                        rc = -ENOMEM;
-                       goto error;
+                       break;
                }
 
                rc = cifs_read_allocate_pages(rdata, npages);
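
Review bot: in the "if (!rdata)" branch, nothing explains why this one failure path uses "break" instead of the "error" label, so a later cleanup could restore "goto error" and bring back the kref_put on a NULL rdata that Coverity flagged. A one-line comment above "break;" noting that rdata is NULL here and there is no reference to drop would guard against that. The hunk also does not show what runs after the loop, so it is worth confirming that rc = -ENOMEM is still returned to the caller when no earlier request was issued and that the code reached by "break" never touches rdata.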