From: Chris Mason Date: Mon, 10 Nov 2008 16:44:58 +0000 (-0500) Subject: Btrfs: Fix use after free during compressed reads X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=e04ca626baee684bea9d6239e4e1119b696101b2;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git Btrfs: Fix use after free during compressed reads Yan's fix to use the correct file offset during compressed reads used the extent_map struct pointer after it had been freed. This saves the fields we want for later use instead. Signed-off-by: Chris Mason --- diff --git a/fs/btrfs/compression.c b/fs/btrfs/compression.c index 8e7a78acf81a..b582c6fd80f2 100644 --- a/fs/btrfs/compression.c +++ b/fs/btrfs/compression.c @@ -505,6 +505,8 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio, struct block_device *bdev; struct bio *comp_bio; u64 cur_disk_byte = (u64)bio->bi_sector << 9; + u64 em_len; + u64 em_start; struct extent_map *em; int ret; @@ -525,7 +527,10 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio, cb->start = em->orig_start; compressed_len = em->block_len; + em_len = em->len; + em_start = em->start; free_extent_map(em); + em = NULL; cb->len = uncompressed_len; cb->compressed_len = compressed_len; @@ -543,7 +548,7 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio, } cb->nr_pages = nr_pages; - add_ra_bio_pages(inode, em->start + em->len, cb); + add_ra_bio_pages(inode, em_start + em_len, cb); if (!btrfs_test_opt(root, NODATASUM) && !btrfs_test_flag(inode, NODATASUM)) {