Skip to content

Commit

Permalink
Fix hfsplus oops on image without extents
Browse files Browse the repository at this point in the history 
Fix an oops with a corrupted hfs+ image.

See http://bugzilla.kernel.org/show_bug.cgi?id=10548 for details.

Problem is that we call hfs_btree_open() from hfsplus_fill_super() to set
HFSPLUS_SB(sb).[ext_tree|cat_tree] Both trees are still NULL at this moment.
If hfs_btree_open() fails for any reason it calls iput() on the page, which
gets to hfsplus_releasepage() which tries to access HFSPLUS_SB(sb).* which is
still NULL and oopses while dereferencing it.

[[email protected]: build fix]
Signed-off-by: Eric Sesterhenn <[email protected]>
Cc: Roman Zippel <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
  • Loading branch information
@SesterhennEric @torvalds
SesterhennEric authored and torvalds committed May 13, 2008
1 parent 4413a0f commit 7063224
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions fs/hfsplus/inode.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,8 @@ static int hfsplus_releasepage(struct page *page, gfp_t mask)
BUG();
return 0;
}
if (!tree)
return 0;
if (tree->node_size >= PAGE_CACHE_SIZE) {
nidx = page->index >> (tree->node_size_shift - PAGE_CACHE_SHIFT);
spin_lock(&tree->hash_lock);
Expand Down

0 comments on commit 7063224

Please sign in to comment.