In btrfs_search_old_slot get_old_root is always used with the
assumption it cannot fail. However, this is not true: in rare
circumstances it can fail and return NULL. This will lead to a NULL
pointer dereference when the header is read. Fix this by checking the
return value and properly handling NULL by setting ret to -EIO and
returning gracefully.

CID: 1087503
Signed-off-by: Nikolay Borisov <nbori...@suse.com>
---
 fs/btrfs/ctree.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
index 1124d236291d..a5399fd49c17 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -2961,6 +2961,10 @@ int btrfs_search_old_slot(struct btrfs_root *root, const 
struct btrfs_key *key,
 
 again:
        b = get_old_root(root, time_seq);
+       if (!b) {
+               ret = -EIO;
+               goto done;
+       }
        level = btrfs_header_level(b);
        p->locks[level] = BTRFS_READ_LOCK;
 
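Review bot: the commit message should name the failure path inside get_old_root that yields NULL, because the hunk alone gives no way to judge whether -EIO is the right errno for it (an allocation failure, for example, is normally reported as -ENOMEM rather than -EIO). The placement of the check itself is right: it sits before `level = btrfs_header_level(b);` and before `p->locks[level] = BTRFS_READ_LOCK;` is recorded, so the path holds no lock on b when it jumps to done; a one-line comment at the check saying that nothing has been taken for this node yet would make the safety of `goto done` clear to the next reader.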
-- 
2.7.4
