ClabureDB: Classified Bug-Reports Database

Project: Linux Kernel

Showing error 1766

User:	Jiri Slaby
Error type:	Invalid Pointer Dereference
Error type description:	A pointer which is invalid is being dereferenced
File location:	fs/reiserfs/super.c
Line in file:	253
Project:	Linux Kernel
Project version:	2.6.28
Tools:	Smatch (1.59)
Entered:	2013-09-10 20:24:52 UTC

Source:

 223                item = B_I_PITEM(bh, ih);
 224                obj_key.on_disk_key.k_dir_id = le32_to_cpu(*(__le32 *) item);
 225                obj_key.on_disk_key.k_objectid =
 226                    le32_to_cpu(ih->ih_key.k_objectid);
 227                obj_key.on_disk_key.k_offset = 0;
 228                obj_key.on_disk_key.k_type = 0;
 229
 230                pathrelse(&path);
 231
 232                inode = reiserfs_iget(s, &obj_key);
 233                if (!inode) {
 234                        /* the unlink almost completed, it just did not manage to remove
 235                           "save" link and release objectid */
 236                        reiserfs_warning(s,
 237                                         "vs-2180: finish_unfinished: iget failed for %K",
 238                                         &obj_key);
 239                        retval = remove_save_link_only(s, &save_link_key, 1);
 240                        continue;
 241                }
 242
 243                if (!truncate && inode->i_nlink) {
 244                        /* file is not unlinked */
 245                        reiserfs_warning(s,
 246                                         "vs-2185: finish_unfinished: file %K is not unlinked",
 247                                         &obj_key);
 248                        retval = remove_save_link_only(s, &save_link_key, 0);
 249                        continue;
 250                }
 251                DQUOT_INIT(inode);
 252
 253                if (truncate && S_ISDIR(inode->i_mode)) {
 254                        /* We got a truncate request for a dir which is impossible.
 255                           The only imaginable way is to execute unfinished truncate request
 256                           then boot into old kernel, remove the file and create dir with
 257                           the same key. */
 258                        reiserfs_warning(s,
 259                                         "green-2101: impossible truncate on a directory %k. Please report",
 260                                         INODE_PKEY(inode));
 261                        retval = remove_save_link_only(s, &save_link_key, 0);
 262                        truncate = 0;
 263                        iput(inode);

Show full sources