| author | David Howells <dhowells@redhat.com> | 2015-01-27 15:01:18 +0000 | 
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2015-02-20 04:56:45 -0500 | 
| commit | a95104fd3393080e8bcca348f51996f5f0f5ccb6 (patch) | |
| tree | 9773b427626ae8c40b7a511082b0a84b8ffe1579 /net/lapb/lapb_iface.c | |
| parent | fed0b588be2f55822013808a2968c228258d921b (diff) | |
Infiniband: Fix potential NULL d_inode dereference

Code that does this:

	if (!(d_unhashed(tmp) && tmp->d_inode)) {
		...
		simple_unlink(parent->d_inode, tmp);
	}

is broken because:

	!(d_unhashed(tmp) && tmp->d_inode)

is equivalent to:

	!d_unhashed(tmp) || !tmp->d_inode

so it is possible to get into simple_unlink() with tmp->d_inode == NULL.

simple_unlink(), however, assumes tmp->d_inode cannot be NULL.

I think that what was meant is this:

	!d_unhashed(tmp) && tmp->d_inode

and that the logical-not operator or the final close-bracket was misplaced.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Bryan O'Sullivan <bos@pathscale.com>
cc: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'net/lapb/lapb_iface.c')
0 files changed, 0 insertions, 0 deletions
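The following userspace model is an added example, not code from the commit or the kernel. It enumerates the four combinations of "unhashed" and "has inode" and counts how often each guard from the commit message would reach the unlink call with a NULL inode. `struct model_dentry` and the `guard_*` and `null_inode_passes` names are hypothetical stand-ins for the kernel's dentry and `d_unhashed()`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for a dentry: only the two facts the guard tests. */
struct model_dentry {
    bool unhashed;        /* what d_unhashed(tmp) would report */
    const void *d_inode;  /* NULL models a dentry with no inode */
};

typedef bool (*guard_fn)(const struct model_dentry *);

/* Guard as quoted in the commit message (the broken form). */
static bool guard_before(const struct model_dentry *d)
{
    return !(d->unhashed && d->d_inode);
}

/* De Morgan expansion given in the commit message. */
static bool guard_expanded(const struct model_dentry *d)
{
    return !d->unhashed || !d->d_inode;
}

/* Guard the commit message says was intended. */
static bool guard_intended(const struct model_dentry *d)
{
    return !d->unhashed && d->d_inode;
}

/* Count the states (out of four) in which the guard passes while
 * d_inode is NULL, i.e. the states that would reach simple_unlink()
 * with nothing to dereference. */
static int null_inode_passes(guard_fn guard)
{
    static const int dummy_inode = 0; /* any non-NULL address will do */
    int hits = 0;

    for (int u = 0; u < 2; u++)
        for (int i = 0; i < 2; i++) {
            struct model_dentry d = { u != 0, i ? &dummy_inode : NULL };
            if (guard(&d) && d.d_inode == NULL)
                hits++;
        }
    return hits;
}

int main(void)
{
    printf("before:   %d\n", null_inode_passes(guard_before));
    printf("expanded: %d\n", null_inode_passes(guard_expanded));
    printf("intended: %d\n", null_inode_passes(guard_intended));
    return 0;
}
```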
