Btrfs: Fix use after free during compressed reads
Yan's fix to use the correct file offset during compressed reads used the extent_map struct pointer after it had been freed. This saves the fields we want for later use instead. Signed-off-by: Chris Mason <chris.mason@oracle.com>
This commit is contained in:
parent
ff5b7ee33d
commit
e04ca626ba
@ -505,6 +505,8 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio,
|
||||
struct block_device *bdev;
|
||||
struct bio *comp_bio;
|
||||
u64 cur_disk_byte = (u64)bio->bi_sector << 9;
|
||||
u64 em_len;
|
||||
u64 em_start;
|
||||
struct extent_map *em;
|
||||
int ret;
|
||||
|
||||
@ -525,7 +527,10 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio,
|
||||
|
||||
cb->start = em->orig_start;
|
||||
compressed_len = em->block_len;
|
||||
em_len = em->len;
|
||||
em_start = em->start;
|
||||
free_extent_map(em);
|
||||
em = NULL;
|
||||
|
||||
cb->len = uncompressed_len;
|
||||
cb->compressed_len = compressed_len;
|
||||
@ -543,7 +548,7 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio,
|
||||
}
|
||||
cb->nr_pages = nr_pages;
|
||||
|
||||
add_ra_bio_pages(inode, em->start + em->len, cb);
|
||||
add_ra_bio_pages(inode, em_start + em_len, cb);
|
||||
|
||||
if (!btrfs_test_opt(root, NODATASUM) &&
|
||||
!btrfs_test_flag(inode, NODATASUM)) {
|
||||
|
Loading…
Reference in New Issue
Block a user