1dc728923Sopenharmony_ciFrom fdec633fd661e79b7b81e848b5699775328d70ae Mon Sep 17 00:00:00 2001
2dc728923Sopenharmony_ciFrom: zhanchengbin <zhanchengbin1@huawei.com>
3dc728923Sopenharmony_ciDate: Fri, 31 Dec 2021 15:43:10 +0800
4dc728923Sopenharmony_ciSubject: e2fsck: avoid theoretical null dereference in end_problem_latch()
5dc728923Sopenharmony_ci
6dc728923Sopenharmony_ciThis should only happen if there is a programming bug, but better safe
7dc728923Sopenharmony_cithan sorry.
8dc728923Sopenharmony_ci
9dc728923Sopenharmony_ciLink: https://lore.kernel.org/r/9a9c6658-a8b3-794a-85df-c3bdf0470111@huawei.com
10dc728923Sopenharmony_ciSigned-off-by: zhanchengbin <zhanchengbin1@huawei.com>
11dc728923Sopenharmony_ciSigned-off-by: Theodore Ts'o <tytso@mit.edu>
12dc728923Sopenharmony_ci---
13dc728923Sopenharmony_ci e2fsck/problem.c | 6 ++++--
14dc728923Sopenharmony_ci 1 file changed, 4 insertions(+), 2 deletions(-)
15dc728923Sopenharmony_ci
16dc728923Sopenharmony_cidiff --git a/e2fsck/problem.c b/e2fsck/problem.c
17dc728923Sopenharmony_ciindex 46a74273..95f0ace8 100644
18dc728923Sopenharmony_ci--- a/e2fsck/problem.c
19dc728923Sopenharmony_ci+++ b/e2fsck/problem.c
20dc728923Sopenharmony_ci@@ -2321,6 +2321,8 @@ int end_problem_latch(e2fsck_t ctx, int mask)
21dc728923Sopenharmony_ci int answer = -1;
22dc728923Sopenharmony_ci 
23dc728923Sopenharmony_ci ldesc = find_latch(mask);
24dc728923Sopenharmony_ci+ if (!ldesc)
25dc728923Sopenharmony_ci+ return answer;
26dc728923Sopenharmony_ci if (ldesc->end_message && (ldesc->flags & PRL_LATCHED)) {
27dc728923Sopenharmony_ci clear_problem_context(&pctx);
28dc728923Sopenharmony_ci answer = fix_problem(ctx, ldesc->end_message, &pctx);
29dc728923Sopenharmony_ci@@ -2467,8 +2469,8 @@ int fix_problem(e2fsck_t ctx, problem_t code, struct problem_context *pctx)
30dc728923Sopenharmony_ci * Do special latch processing. This is where we ask the
31dc728923Sopenharmony_ci * latch question, if it exists
32dc728923Sopenharmony_ci */
33dc728923Sopenharmony_ci- if (ptr->flags & PR_LATCH_MASK) {
34dc728923Sopenharmony_ci- ldesc = find_latch(ptr->flags & PR_LATCH_MASK);
35dc728923Sopenharmony_ci+ if (ptr->flags & PR_LATCH_MASK &&
36dc728923Sopenharmony_ci+ (ldesc = find_latch(ptr->flags & PR_LATCH_MASK)) != NULL) {
37dc728923Sopenharmony_ci if (ldesc->question && !(ldesc->flags & PRL_LATCHED)) {
38dc728923Sopenharmony_ci ans = fix_problem(ctx, ldesc->question, pctx);
39dc728923Sopenharmony_ci if (ans == 1)
40dc728923Sopenharmony_ci--
41dc728923Sopenharmony_cicgit
42dc728923Sopenharmony_ci 43
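Review bot: The new early `return answer;` in end_problem_latch() hands back the same -1 the function already returns when no end message is asked, so a caller cannot tell an unknown latch mask from the normal "nothing to report" case. The commit message says this state only arises from a programming bug, and as written that bug would pass silently. I would at least record the intent above the check, for example `/* find_latch() found no entry for mask: programming error, nothing to end */`, and consider emitting a diagnostic there if the project has a suitable facility. The rest of the function body lies outside the hunk, so how the return value is consumed is not visible here.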
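Review bot: The NULL check added to the latch condition in fix_problem() protects only the block it opens, and the function continues well past the end of this hunk. If ldesc is used again further down under a bare `ptr->flags & PR_LATCH_MASK` test, that site would still dereference a null pointer, so each later use needs `ldesc &&` in front of it; this should be verified against the full function. Whether ldesc has a defined value when the `&&` short-circuits or find_latch() fails also depends on its declaration, which is not shown. As a matter of style, the mask test reads more safely parenthesised, `if ((ptr->flags & PR_LATCH_MASK) &&`, and the assignment buried in the condition would be clearer as a separate statement followed by `if (ldesc) {`.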