From 2d3466a348a61c4d7f958ce80020eba17c09d7f7 Mon Sep 17 00:00:00 2001
From: Dmitriy Monakhov <dmonakhov@sw.ru>
Date: Tue, 8 May 2007 00:24:37 -0700
Subject: [PATCH] reiserfs: possible null pointer dereference during resize

sb_read may return NULL, let's explicitly check it.  If so free new bitmap
blocks array, after this we may safely exit as it done above during bitmap
allocation.

Signed-off-by: Dmitriy Monakhov <dmonakhov@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
 fs/reiserfs/resize.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fs/reiserfs/resize.c b/fs/reiserfs/resize.c
index 315684793d1d..976cc7887a0d 100644
--- a/fs/reiserfs/resize.c
+++ b/fs/reiserfs/resize.c
@@ -131,6 +131,10 @@ int reiserfs_resize(struct super_block *s, unsigned long block_count_new)
 			/* don't use read_bitmap_block since it will cache
 			 * the uninitialized bitmap */
 			bh = sb_bread(s, i * s->s_blocksize * 8);
+			if (!bh) {
+				vfree(bitmap);
+				return -EIO;
+			}
 			memset(bh->b_data, 0, sb_blocksize(sb));
 			reiserfs_test_and_set_le_bit(0, bh->b_data);
 			reiserfs_cache_bitmap_metadata(s, bh, bitmap + i);
-- 
GitLab