1From fdec633fd661e79b7b81e848b5699775328d70ae Mon Sep 17 00:00:00 2001
2From: zhanchengbin <zhanchengbin1@huawei.com>
3Date: Fri, 31 Dec 2021 15:43:10 +0800
4Subject: e2fsck: avoid theoretical null dereference in end_problem_latch()
5
6This should only happen if there is a programming bug, but better safe
7than sorry.
8
9Link: https://lore.kernel.org/r/9a9c6658-a8b3-794a-85df-c3bdf0470111@huawei.com
10Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
11Signed-off-by: Theodore Ts'o <tytso@mit.edu>
12---
13 e2fsck/problem.c | 6 ++++--
14 1 file changed, 4 insertions(+), 2 deletions(-)
15
16diff --git a/e2fsck/problem.c b/e2fsck/problem.c
17index 46a74273..95f0ace8 100644
18--- a/e2fsck/problem.c
19+++ b/e2fsck/problem.c
20@@ -2321,6 +2321,8 @@ int end_problem_latch(e2fsck_t ctx, int mask)
21 int answer = -1;
22
23 ldesc = find_latch(mask);
24+ if (!ldesc)
25+ return answer;
26 if (ldesc->end_message && (ldesc->flags & PRL_LATCHED)) {
27 clear_problem_context(&pctx);
28 answer = fix_problem(ctx, ldesc->end_message, &pctx);
29@@ -2467,8 +2469,8 @@ int fix_problem(e2fsck_t ctx, problem_t code, struct problem_context *pctx)
30 * Do special latch processing. This is where we ask the
31 * latch question, if it exists
32 */
33- if (ptr->flags & PR_LATCH_MASK) {
34- ldesc = find_latch(ptr->flags & PR_LATCH_MASK);
35+ if (ptr->flags & PR_LATCH_MASK &&
36+ (ldesc = find_latch(ptr->flags & PR_LATCH_MASK)) != NULL) {
37 if (ldesc->question && !(ldesc->flags & PRL_LATCHED)) {
38 ans = fix_problem(ctx, ldesc->question, pctx);
39 if (ans == 1)
40--
41cgit
42
43
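Review bot: The new early return in end_problem_latch() hands back the initial `answer` of -1 with no comment, so in the visible lines a failed find_latch() looks the same to the caller as a latch that was simply never latched. The commit message says this can only happen through a programming bug, and that reasoning belongs next to the check, for example `/* no latch entry for this mask: programming error, nothing to end */` above `if (!ldesc)`. If callers should be able to tell the two cases apart, a debug log or assertion at this point would surface the bug instead of hiding it. The function body continues past the end of the hunk, so whatever cleanup follows the `if` block is also skipped on this path; that looks intended but is worth confirming.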
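Review bot: The NULL guard added in fix_problem() protects only this latch-question block, and the function continues well beyond the hunk. Any later dereference of `ldesc` that is gated solely on `ptr->flags & PR_LATCH_MASK` would still hit the NULL pointer this commit is defending against, so those sites should be checked and given the same `ldesc != NULL` test. This also relies on `ldesc` being initialised to NULL at its declaration, which is not visible here. As a smaller style point, the condition mixes an unparenthesised bitwise test with `&&` and an embedded assignment; writing the first line as `if ((ptr->flags & PR_LATCH_MASK) &&` makes the precedence explicit. When the lookup fails, the problem is now handled as if it carried no latch at all, and a short comment saying so would help the next reader.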