diff options
| author |   Filipe Manana <fdmanana@suse.com> | 2025-04-16 15:56:53 +0100 |
|---|---|---|
| committer |   David Sterba <dsterba@suse.com> | 2025-05-15 14:30:51 +0200 |
| commit | 67f10a10187b17ac62abddf66d16cec9d0f89a7c (patch) | |
| tree | 59c24fa60c3c73dc477149dc11cf7e477d70615f | |
| parent | btrfs: simplify last record detection at btrfs_convert_extent_bit() (diff) | |
| download | linux-rng-67f10a10187b17ac62abddf66d16cec9d0f89a7c.tar.xz linux-rng-67f10a10187b17ac62abddf66d16cec9d0f89a7c.zip | |
btrfs: exit after state insertion failure at set_extent_bit()
If insert_state() state failed it returns an error pointer and we call
extent_io_tree_panic() which will trigger a BUG() call. However if
CONFIG_BUG is disabled, which is an uncommon and exotic scenario, then
we fallthrough and call cache_state() which will dereference the error
pointer, resulting in an invalid memory access.
So jump to the 'out' label after calling extent_io_tree_panic(), it also
makes the code more clear besides dealing with the exotic scenario where
CONFIG_BUG is disabled.
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
| -rw-r--r-- | fs/btrfs/extent-io-tree.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/btrfs/extent-io-tree.c b/fs/btrfs/extent-io-tree.c index bf2152ff8efa..29cf3a01294f 100644 --- a/fs/btrfs/extent-io-tree.c +++ b/fs/btrfs/extent-io-tree.c @@ -1223,6 +1223,7 @@ hit_next: if (IS_ERR(inserted_state)) { ret = PTR_ERR(inserted_state); extent_io_tree_panic(tree, prealloc, "insert", ret); + goto out; } cache_state(inserted_state, cached_state); |