Bug 216871

Summary: bug: use after free when journal read failed
Product: File System
Reporter: eriri (1527030098)
Component: ReiserFS
Assignee: ReiserFS developers team (reiserfs-devel)
Status: NEW
Severity: normal
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 6.0
Subsystem:
Regression: No
Bisected commit-id:

Description eriri 2022-12-31 12:13:46 UTC
When reading the journal header block fails, journal_read returns 1. But the caller journal_init ignores the value and doesn't handle this case. It will cause a UAF bug at fs unmount.

https://elixir.bootlin.com/linux/v6.0.1/source/fs/reiserfs/journal.c#L2399