• Anton Altaparmakov's avatar
    NTFS: Fix invalid pointer dereference in ntfs_mft_record_alloc(). · af5eb745
    Anton Altaparmakov authored
    In ntfs_mft_record_alloc() when mapping the new extent mft record with
    map_extent_mft_record() we overwrite @m with the return value and on
    error, we then try to use the old @m but that is no longer there as @m
    now contains an error code instead so we crash when dereferencing the
    error code as if it were a pointer.
    
    The simple fix is to use a temporary variable to store the return value
    thus preserving the original @m for later use.  This is a backport from
    the commercial Tuxera-NTFS driver and is well tested...
    
    Thanks go to Julia Lawall for pointing this out (whilst I had fixed it
    in the commercial driver I had failed to fix it in the Linux kernel).
    Signed-off-by: default avatarAnton Altaparmakov <anton@tuxera.com>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    af5eb745
mft.c 99.5 KB