Showing error 1753

User: Jiri Slaby
Error type: Invalid Pointer Dereference
Error type description: A pointer which is invalid is being dereferenced
File location: fs/ext4/namei.c
Line in file: 1541
Project: Linux Kernel
Project version: 2.6.28
Tools: Smatch (1.59)
Entered: 2013-09-10 20:24:52 UTC

Source: 

1511                goto journal_error;
1512
1513        err = add_dirent_to_buf(handle, dentry, inode, NULL, bh);
1514        if (err != -ENOSPC) {
1515                bh = NULL;
1516                goto cleanup;
1517        }
1518
1519        /* Block full, should compress but for now just split */
1520        dxtrace(printk(KERN_DEBUG "using %u of %u node entries\n",
1521                       dx_get_count(entries), dx_get_limit(entries)));
1522        /* Need to split index? */
1523        if (dx_get_count(entries) == dx_get_limit(entries)) {
1524                ext4_lblk_t newblock;
1525                unsigned icount = dx_get_count(entries);
1526                int levels = frame - frames;
1527                struct dx_entry *entries2;
1528                struct dx_node *node2;
1529                struct buffer_head *bh2;
1530
1531                if (levels && (dx_get_count(frames->entries) ==
1532                               dx_get_limit(frames->entries))) {
1533                        ext4_warning(sb, __func__,
1534                                     "Directory index full!");
1535                        err = -ENOSPC;
1536                        goto cleanup;
1537                }
1538                bh2 = ext4_append (handle, dir, &newblock, &err);
1539                if (!(bh2))
1540                        goto cleanup;
1541                node2 = (struct dx_node *)(bh2->b_data);
1542                entries2 = node2->entries;
1543                node2->fake.rec_len = ext4_rec_len_to_disk(sb->s_blocksize);
1544                node2->fake.inode = 0;
1545                BUFFER_TRACE(frame->bh, "get_write_access");
1546                err = ext4_journal_get_write_access(handle, frame->bh);
1547                if (err)
1548                        goto journal_error;
1549                if (levels) {
1550                        unsigned icount1 = icount/2, icount2 = icount - icount1;
1551                        unsigned hash2 = dx_get_hash(entries + icount1);
Show full sources