btrfs: fix invalid-free in btrfs_extent_same (22883ddc) · Commits · e / devices / android_kernel_fairphone_FP4

fs/btrfs/ioctl.c

+5 −5

Original line number	Diff line number	Diff line
		@@ -3577,7 +3577,7 @@ static int btrfs_extent_same(struct inode *src, u64 loff, u64 olen,
		ret = btrfs_extent_same_range(src, loff, BTRFS_MAX_DEDUPE_LEN,
		dst, dst_loff, &cmp);
		if (ret)
		goto out_unlock;
		goto out_free;

		loff += BTRFS_MAX_DEDUPE_LEN;
		dst_loff += BTRFS_MAX_DEDUPE_LEN;
		@@ -3587,16 +3587,16 @@ static int btrfs_extent_same(struct inode *src, u64 loff, u64 olen,
		ret = btrfs_extent_same_range(src, loff, tail_len, dst,
		dst_loff, &cmp);

		out_free:
		kvfree(cmp.src_pages);
		kvfree(cmp.dst_pages);

		out_unlock:
		if (same_inode)
		inode_unlock(src);
		else
		btrfs_double_inode_unlock(src, dst);

		out_free:
		kvfree(cmp.src_pages);
		kvfree(cmp.dst_pages);

		return ret;
		}