[PATCH] hfsplus: Fix error pointer dereference

Ethan Tidmore posted 1 patch 1 month, 3 weeks ago
[PATCH] hfsplus: Fix error pointer dereference
Posted by Ethan Tidmore 1 month, 3 weeks ago
The function hfs_bnode_find() can return an error pointer and is not
checked for one. Add error pointer check.

Detected by Smatch:
fs/hfsplus/brec.c:441 hfs_brec_update_parent() error: 
'fd->bnode' dereferencing possible ERR_PTR()

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com>
---
 fs/hfsplus/brec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/hfsplus/brec.c b/fs/hfsplus/brec.c
index 6796c1a80e99..efe79a8f1d98 100644
--- a/fs/hfsplus/brec.c
+++ b/fs/hfsplus/brec.c
@@ -434,6 +434,9 @@ static int hfs_brec_update_parent(struct hfs_find_data *fd)
 			new_node->parent = tree->root;
 		}
 		fd->bnode = hfs_bnode_find(tree, new_node->parent);
+		if (IS_ERR(fd->bnode))
+			return PTR_ERR(fd->bnode);
+
 		/* create index key and entry */
 		hfs_bnode_read_key(new_node, fd->search_key, 14);
 		cnid = cpu_to_be32(new_node->this);
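Review bot: the early `return PTR_ERR(fd->bnode);` leaves fd->bnode holding the ERR_PTR value, so any caller cleanup that later puts or dereferences fd->bnode would hit the same error pointer this check is meant to avoid. Consider taking the result of hfs_bnode_find() into a local variable and assigning fd->bnode only on success, or resetting fd->bnode before returning. The return also happens while new_node is still in use; the visible context does not show whether a reference on new_node has to be dropped on this path, so that is worth confirming.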
-- 
2.53.0
Re: [PATCH] hfsplus: Fix error pointer dereference
Posted by Viacheslav Dubeyko 1 month, 3 weeks ago
On Wed, 2026-02-18 at 13:33 -0600, Ethan Tidmore wrote:
> The function hfs_bnode_find() can return an error pointer and is not
> checked for one. Add error pointer check.
> 

If we take a look into hfs_brec_update_parent(), then we can see that the parent
node is already found as a valid node [1]. And new_node has been prepared with
the parent node set in hfs_bnode_split() [2]. It's highly unlikely to have an
invalid pointer for this call. I don't think that we really need this check.

Thanks,
Slava.

> Detected by Smatch:
> fs/hfsplus/brec.c:441 hfs_brec_update_parent() error: 
> 'fd->bnode' dereferencing possible ERR_PTR()
> 
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com>
> ---
>  fs/hfsplus/brec.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/fs/hfsplus/brec.c b/fs/hfsplus/brec.c
> index 6796c1a80e99..efe79a8f1d98 100644
> --- a/fs/hfsplus/brec.c
> +++ b/fs/hfsplus/brec.c
> @@ -434,6 +434,9 @@ static int hfs_brec_update_parent(struct hfs_find_data *fd)
>  			new_node->parent = tree->root;
>  		}
>  		fd->bnode = hfs_bnode_find(tree, new_node->parent);
> +		if (IS_ERR(fd->bnode))
> +			return PTR_ERR(fd->bnode);
> +
>  		/* create index key and entry */
>  		hfs_bnode_read_key(new_node, fd->search_key, 14);
>  		cnid = cpu_to_be32(new_node->this);
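Review bot: the added `if (IS_ERR(fd->bnode))` check carries no comment, and the changelog does not say under which condition hfs_bnode_find() would fail for new_node->parent at this point. The context line `new_node->parent = tree->root;` shows at least one path where the parent was assigned just above the call, so the changelog or a one-line comment should name the failure case being guarded against; otherwise the check reads as dead code to the next reader.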

[1] https://elixir.bootlin.com/linux/v6.19-rc5/source/fs/hfsplus/brec.c#L371
[2] https://elixir.bootlin.com/linux/v6.19-rc5/source/fs/hfsplus/brec.c#L253