24622 – Memory allocation failure is not handled in fat_cache_add()

Bug 24622 - Memory allocation failure is not handled in fat_cache_add()

Summary: Memory allocation failure is not handled in fat_cache_add()

Status:	CLOSED CODE_FIX

Alias:	None

Product:	File System
Classification:	Unclassified
Component:	FAT/VFAT/MSDOS (show other bugs)
Hardware:	All Linux

Importance:	P1 normal
Assignee:	OGAWA Hirofumi

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-12-10 09:36 UTC by Eugene A. Shatokhin
Modified:	2011-05-25 09:12 UTC (History)
CC List:	0 users

See Also:
Kernel Version:	2.6.37-rc5
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Eugene A. Shatokhin 2010-12-10 09:36:47 UTC

The situation when memory allocation made in fat_cache_add() function fails is not handled (fs/fat/cache.c:153):

151: spin_unlock(&MSDOS_I(inode)->cache_lru_lock);
152: 
153: tmp = fat_cache_alloc(inode);
154: spin_lock(&MSDOS_I(inode)->cache_lru_lock); 

This may result in bad pointer dereference when executing 
'cache->fcluster = new->fcluster;' later (fs/fat/cache.c:166).

It seems, this problem is quite unlikely to occur in practice, it only showed up during fault simulation session performed by our tools, but still.

Comment 1 OGAWA Hirofumi 2011-05-25 09:12:05 UTC

This will be fixed by 2.6.40. Thanks

Note You need to log in before you can comment on or make changes to this bug.