Commit f60311d5 authored by Anand V. Avati's avatar Anand V. Avati Committed by Miklos Szeredi

fuse: prevent fuse_put_request on invalid pointer

fuse_direct_io() has a loop where requests are allocated in each
iteration. if allocation fails, the loop is broken out and follows
into an unconditional fuse_put_request() on that invalid pointer.
Signed-off-by: default avatarAnand V. Avati <avati@gluster.com>
Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
Cc: stable@kernel.org
parent b419148e
...@@ -1063,6 +1063,7 @@ ssize_t fuse_direct_io(struct file *file, const char __user *buf, ...@@ -1063,6 +1063,7 @@ ssize_t fuse_direct_io(struct file *file, const char __user *buf,
break; break;
} }
} }
if (!IS_ERR(req))
fuse_put_request(fc, req); fuse_put_request(fc, req);
if (res > 0) if (res > 0)
*ppos = pos; *ppos = pos;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment