Changeset 9d9bfe59 in rtems

Timestamp:

07/24/19 02:46:58 (4 years ago)

Author:

Jia-Ju Bai <baijiaju1990@…>

Branches:

master

Children:

cdac3ca

Parents:

b33c3d4

git-author:

Jia-Ju Bai <baijiaju1990@…> (07/24/19 02:46:58)

git-committer:

Sebastian Huber <sebastian.huber@…> (06/20/22 11:25:32)

Message:

jffs2: Fix possible null-pointer dereferences in jffs2_add_frag_to_fragtree()

In jffs2_add_frag_to_fragtree(), there is an if statement on line 223 to
check whether "this" is NULL:

if (this)

When "this" is NULL, it is used at several places, such as on line 249:

if (this->node)

and on line 260:

if (newfrag->ofs > this->ofs)

Thus possible null-pointer dereferences may occur.

To fix these bugs, -EINVAL is returned when "this" is NULL.

These bugs are found by a static analysis tool STCheck written by us.

Signed-off-by: Jia-Ju Bai <baijiaju1990@…>
Signed-off-by: Richard Weinberger <richard@…>

File:

• cpukit/libfs/src/jffs2/src/nodelist.c (modified) (1 diff)

cpukit/libfs/src/jffs2/src/nodelist.c

@@ -229 +229 @@
         } else {
                 dbg_fragtree2("lookup gave no frag\n");
-                lastend = 0;
+                return -EINVAL;
         }