btrfs-progs/0006-fix-double-free-on-error-in-read_raid56.patch
Zhang Yaqi 75f72d76b2 fix double free on error in read_raid56()
(cherry picked from commit 065c0a60690d2c2cbd99ab72fef3b82dd09737a8)
2024-07-01 11:32:44 +08:00


From 844caf8639826ed4ddc6dc7b3ba30bd19f9b21d8 Mon Sep 17 00:00:00 2001
From: David Sterba <dsterba@suse.com>
Date: Thu, 4 Apr 2024 00:55:47 +0200
Subject: [PATCH] btrfs-progs: fix double free on error in read_raid56()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported by 'gcc -fanalyzer':

kernel-shared/extent_io.c: In function read_raid56:
./include/kerncompat.h:393:18: warning: dereference of NULL pointers [CWE-476] [-Wanalyzer-null-dereference]

After allocation of the pointers array fails it's dereferenced in the
exit block. We can return immediately instead.

Signed-off-by: David Sterba <dsterba@suse.com>
---
kernel-shared/extent_io.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/kernel-shared/extent_io.c b/kernel-shared/extent_io.c
index ee19430..e62ca63 100644
--- a/kernel-shared/extent_io.c
+++ b/kernel-shared/extent_io.c
@@ -339,10 +339,9 @@ static int read_raid56(struct btrfs_fs_info *fs_info, void *buf, u64 logical,
ASSERT(len <= BTRFS_STRIPE_LEN);
pointers = calloc(num_stripes, sizeof(void *));
- if (!pointers) {
- ret = -ENOMEM;
- goto out;
- }
+ if (!pointers)
+ return -ENOMEM;
+
/* Allocate memory for the full stripe */
for (i = 0; i < num_stripes; i++) {
pointers[i] = kmalloc(BTRFS_STRIPE_LEN, GFP_KERNEL);
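Review bot: The new `return -ENOMEM;` directly after the `calloc()` bypasses the `out` label entirely, which is only safe if nothing acquired earlier in read_raid56() is released there; the visible context shows just the `ASSERT(len <= BTRFS_STRIPE_LEN)` before the allocation, so it is worth confirming against the full function that no earlier resource depends on that exit path. Separately, the subject line says "double free" while the commit message and the quoted -fanalyzer warning both describe a NULL dereference of `pointers` (CWE-476) in the exit block; aligning the subject with the reported defect class would make the fix easier to triage when it is cherry-picked. As a style point, the array is allocated with `calloc()` while the per-stripe buffers in the loop below use `kmalloc(BTRFS_STRIPE_LEN, GFP_KERNEL)`; a short comment on which release call pairs with each would help whoever next touches the cleanup code.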
--
2.27.0