ext4: Fix NULL dereference in ext4_ext_migrate()'s error handling This was found through a code checker (http://repo.or.cz/w/smatch.git/). It looks like you might be able to trigger the error by trying to migrate a readonly file system. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

commit: 090542641de833c6f756895fc2f139f046e298f9 [log] [tgz]
author: Dan Carpenter <error27@gmail.com> Sun Feb 15 20:02:19 2009 -0500
committer: Theodore Ts'o <tytso@mit.edu> Sun Feb 15 20:02:19 2009 -0500
tree: 8a3939e4e72e5107282a5343d2cb50c29e5077a6
parent: 2acf2c261b823d9d9ed954f348b97620297a36b5 [diff] [blame]
diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c
index 734abca..fe64d9f 100644
--- a/fs/ext4/migrate.c
+++ b/fs/ext4/migrate.c

@@ -481,7 +481,7 @@
 					+ 1);
 	if (IS_ERR(handle)) {
 		retval = PTR_ERR(handle);
-		goto err_out;
+		return retval;
 	}
 	tmp_inode = ext4_new_inode(handle,
 				inode->i_sb->s_root->d_inode,
@@ -489,8 +489,7 @@
 	if (IS_ERR(tmp_inode)) {
 		retval = -ENOMEM;
 		ext4_journal_stop(handle);
-		tmp_inode = NULL;
-		goto err_out;
+		return retval;
 	}
 	i_size_write(tmp_inode, i_size_read(inode));
 	/*
@@ -618,8 +617,7 @@
 
 	ext4_journal_stop(handle);
 
-	if (tmp_inode)
-		iput(tmp_inode);
+	iput(tmp_inode);
 
 	return retval;
 }
commit	090542641de833c6f756895fc2f139f046e298f9	[log] [tgz]
author	Dan Carpenter <error27@gmail.com>	Sun Feb 15 20:02:19 2009 -0500
committer	Theodore Ts'o <tytso@mit.edu>	Sun Feb 15 20:02:19 2009 -0500
tree	8a3939e4e72e5107282a5343d2cb50c29e5077a6
parent	2acf2c261b823d9d9ed954f348b97620297a36b5 [diff] [blame]