summaryrefslogtreecommitdiffstats
path: root/fs/btrfs
diff options
context:
space:
mode:
authorChris Mason <chris.mason@oracle.com>2008-11-10 11:44:58 -0500
committerChris Mason <chris.mason@oracle.com>2008-11-10 11:44:58 -0500
commite04ca626baee684bea9d6239e4e1119b696101b2 (patch)
treef5327eae3e8393f19ef9f40426efb8b3488f36f6 /fs/btrfs
parentff5b7ee33d82414bf4baf299c21fb703bcc89629 (diff)
downloadkernel-crypto-e04ca626baee684bea9d6239e4e1119b696101b2.tar.gz
kernel-crypto-e04ca626baee684bea9d6239e4e1119b696101b2.tar.xz
kernel-crypto-e04ca626baee684bea9d6239e4e1119b696101b2.zip
Btrfs: Fix use after free during compressed reads
Yan's fix to use the correct file offset during compressed reads used the extent_map struct pointer after it had been freed. This saves the fields we want for later use instead. Signed-off-by: Chris Mason <chris.mason@oracle.com>
Diffstat (limited to 'fs/btrfs')
-rw-r--r--fs/btrfs/compression.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/fs/btrfs/compression.c b/fs/btrfs/compression.c
index 8e7a78acf81..b582c6fd80f 100644
--- a/fs/btrfs/compression.c
+++ b/fs/btrfs/compression.c
@@ -505,6 +505,8 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio,
struct block_device *bdev;
struct bio *comp_bio;
u64 cur_disk_byte = (u64)bio->bi_sector << 9;
+ u64 em_len;
+ u64 em_start;
struct extent_map *em;
int ret;
@@ -525,7 +527,10 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio,
cb->start = em->orig_start;
compressed_len = em->block_len;
+ em_len = em->len;
+ em_start = em->start;
free_extent_map(em);
+ em = NULL;
cb->len = uncompressed_len;
cb->compressed_len = compressed_len;
@@ -543,7 +548,7 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio,
}
cb->nr_pages = nr_pages;
- add_ra_bio_pages(inode, em->start + em->len, cb);
+ add_ra_bio_pages(inode, em_start + em_len, cb);
if (!btrfs_test_opt(root, NODATASUM) &&
!btrfs_test_flag(inode, NODATASUM)) {