diff options
| author | Anand V. Avati <avati@gluster.com> | 2009-10-22 06:24:52 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2009-12-08 11:17:21 -0800 |
| commit | 4c2d3f19ba21524e0445a2e217e852bc4010d9b3 (patch) | |
| tree | 5d8f7d3dd1176e2f59ea1bb49e9fc646657ebfd7 | |
| parent | e192c2e5db689c874f6e56166face8ac96544350 (diff) | |
fuse: prevent fuse_put_request on invalid pointer
commit f60311d5f7670d9539b424e4ed8b5c0872fc9e83 upstream.
fuse_direct_io() has a loop where requests are allocated in each
iteration. if allocation fails, the loop is broken out and follows
into an unconditional fuse_put_request() on that invalid pointer.
Signed-off-by: Anand V. Avati <avati@gluster.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| -rw-r--r-- | fs/fuse/file.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 0c92f15b9d52..afdde6093f51 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -1005,7 +1005,8 @@ static ssize_t fuse_direct_io(struct file *file, const char __user *buf, break; } } - fuse_put_request(fc, req); + if (!IS_ERR(req)) + fuse_put_request(fc, req); if (res > 0) { if (write) fuse_write_update_size(inode, pos); |