Btrfs: fix double free in find_lock_delalloc_range

commit 7d78874273463a784759916fc3e0b4e2eb141c70 upstream. We need to NULL the cached_state after freeing it, otherwise we might free it again if find_delalloc_range doesn't find anything. Signed-off-by: Chris Mason <clm@fb.com> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
author: Chris Mason <clm@fb.com> 2014-05-21 05:49:54 -0700
committer: Ben Hutchings <ben@decadent.org.uk> 2014-07-11 13:33:48 +0100
commit: 232270aa2ac2e463afd41cd38665ddb275277d79 (patch)
tree: d3894b4ac3767918f2ab59b6d6957a72f358959a /fs/btrfs
parent: 858454485f3794190a6dcffcd1866cc21a952fd1 (diff)
download: kernel_samsung_smdk4412-232270aa2ac2e463afd41cd38665ddb275277d79.zip
kernel_samsung_smdk4412-232270aa2ac2e463afd41cd38665ddb275277d79.tar.gz
kernel_samsung_smdk4412-232270aa2ac2e463afd41cd38665ddb275277d79.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index 73e4cbc..05937a8 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1523,6 +1523,7 @@ again:
 		 * shortening the size of the delalloc range we're searching
 		 */
 		free_extent_state(cached_state);
+		cached_state = NULL;
 		if (!loops) {
 			unsigned long offset = (*start) & (PAGE_CACHE_SIZE - 1);
 			max_bytes = PAGE_CACHE_SIZE - offset;
author	Chris Mason <clm@fb.com>	2014-05-21 05:49:54 -0700
committer	Ben Hutchings <ben@decadent.org.uk>	2014-07-11 13:33:48 +0100
commit	232270aa2ac2e463afd41cd38665ddb275277d79 (patch)
tree	d3894b4ac3767918f2ab59b6d6957a72f358959a /fs/btrfs
parent	858454485f3794190a6dcffcd1866cc21a952fd1 (diff)
download	kernel_samsung_smdk4412-232270aa2ac2e463afd41cd38665ddb275277d79.zip kernel_samsung_smdk4412-232270aa2ac2e463afd41cd38665ddb275277d79.tar.gz kernel_samsung_smdk4412-232270aa2ac2e463afd41cd38665ddb275277d79.tar.bz2