Fixes a NULL pointer dereference caused by reiserfsck. buffer_info_init_bh()
is called with a NULL "tb" argument, but the inline implementation of that
function was not prepared to handle it:
Core was generated by `/Data/Compile/Sources/reiserfsprogs-3.6.25/fsck/.libs/lt-reiserfsck --fix-fixab'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fe0d63ef48d in buffer_info_init_bh (tb=0x0, bi=0x7fff03ad3630, bh=0xb60db0) at ../include/reiserfs_fs.h:1584
1584 bi->bi_fs = tb->tb_fs;
(gdb) bt
#0 0x00007fe0d63ef48d in buffer_info_init_bh (tb=0x0, bi=0x7fff03ad3630, bh=0xb60db0) at ../include/reiserfs_fs.h:1584
#1 0x00007fe0d63f21f9 in delete_item (fs=0xb40710, bh=0xb60db0, item_num=0) at lbalance.c:1157
#2 0x000000000040a3aa in pass0_correct_leaf (fs=0xb40710, bh=0xb60db0) at pass0.c:768
#3 0x000000000040deab in do_pass_0 (fs=0xb40710) at pass0.c:1928
#4 0x000000000040f74f in misc_set_bit (nr=4257615, addr=0x7fff03ad3770) at ../include/misc.h:94
#5 0x0000000000406cb0 in rebuild_tree (fs=0xb40710) at main.c:941
#6 0x00000000004088ba in misc_set_bit (nr=140733255074915, addr=0x42a630 <__libc_csu_init+64>) at ../include/misc.h:92
#7 0x00007fe0d5e58291 in __libc_start_main (main=0x4081a4 <main+64>, argc=7, argv=0x7fff03ad38e8, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7fff03ad38d8) at ../csu/libc-start.c:289
#8 0x00000000004048ca in deregister_tm_clones ()
#9 0x00007fff03ad38d8 in ?? ()
#10 0x000000000000001c in ?? ()
#11 0x0000000000000007 in ?? ()
#12 0x00007fff03ad43ec in ?? ()
#13 0x00007fff03ad4430 in ?? ()
#14 0x00007fff03ad443e in ?? ()
#15 0x00007fff03ad4446 in ?? ()
#16 0x00007fff03ad444c in ?? ()
#17 0x00007fff03ad4454 in ?? ()
#18 0x00007fff03ad4463 in ?? ()
#19 0x0000000000000000 in ?? ()
(gdb) up
#1 0x00007fe0d63f21f9 in delete_item (fs=0xb40710, bh=0xb60db0, item_num=0) at lbalance.c:1157
1157 buffer_info_init_bh(NULL, &bi, bh);
Signed-off-by: Lucas C. Villa Real <lucasvr@gobolinux.org>
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
1 file changed
