cifs: fix error handling cifs_user_readv

jtlayton · smfrench · commit bae9f746a18e · 2014-04-16T22:54:30.000-05:00
Coverity says:

*** CID 1202537:  Dereference after null check  (FORWARD_NULL)
/fs/cifs/file.c: 2873 in cifs_user_readv()
2867     		cur_len = min_t(const size_t, len - total_read, cifs_sb-&gt;rsize);
2868     		npages = DIV_ROUND_UP(cur_len, PAGE_SIZE);
2869
2870     		/* allocate a readdata struct */
2871     		rdata = cifs_readdata_alloc(npages,
2872     					    cifs_uncached_readv_complete);
&gt;&gt;&gt;     CID 1202537:  Dereference after null check  (FORWARD_NULL)
&gt;&gt;&gt;     Comparing "rdata" to null implies that "rdata" might be null.
2873     		if (!rdata) {
2874     			rc = -ENOMEM;
2875     			goto error;
2876     		}
2877
2878     		rc = cifs_read_allocate_pages(rdata, npages);

...when we "goto error", rc will be non-zero, and then we end up trying
to do a kref_put on the rdata (which is NULL). Fix this by replacing
the "goto error" with a "break".

Reported-by: &lt;scan-admin@coverity.com&gt;
Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
@@ -2882,7 +2882,7 @@ ssize_t cifs_user_readv(struct kiocb *iocb, const struct iovec *iov,
 					    cifs_uncached_readv_complete);
 		if (!rdata) {
 			rc = -ENOMEM;
-			goto error;
+			break;
 		}
 
 		rc = cifs_read_allocate_pages(rdata, npages);

Original file line number	Diff line number	Diff line change
`@@ -2882,7 +2882,7 @@ ssize_t cifs_user_readv(struct kiocb iocb, const struct iovec iov,`
`2882`	`2882`	`cifs_uncached_readv_complete);`
`2883`	`2883`	`if (!rdata) {`
`2884`	`2884`	`rc = -ENOMEM;`
`2885`		`- goto error;`
	`2885`	`+ break;`
`2886`	`2886`	`}`
`2887`	`2887`
`2888`	`2888`	`rc = cifs_read_allocate_pages(rdata, npages);`