Btrfs: Fix use after free during compressed reads (e04ca626) · Commits · e / devices / android_kernel_teracube_2e

fs/btrfs/compression.c

+6 −1

Original line number	Diff line number	Diff line
		@@ -505,6 +505,8 @@ int btrfs_submit_compressed_read(struct inode inode, struct bio bio,
		struct block_device *bdev;
		struct bio *comp_bio;
		u64 cur_disk_byte = (u64)bio->bi_sector << 9;
		u64 em_len;
		u64 em_start;
		struct extent_map *em;
		int ret;

		@@ -525,7 +527,10 @@ int btrfs_submit_compressed_read(struct inode inode, struct bio bio,

		cb->start = em->orig_start;
		compressed_len = em->block_len;
		em_len = em->len;
		em_start = em->start;
		free_extent_map(em);
		em = NULL;

		cb->len = uncompressed_len;
		cb->compressed_len = compressed_len;
		@@ -543,7 +548,7 @@ int btrfs_submit_compressed_read(struct inode inode, struct bio bio,
		}
		cb->nr_pages = nr_pages;

		add_ra_bio_pages(inode, em->start + em->len, cb);
		add_ra_bio_pages(inode, em_start + em_len, cb);

		if (!btrfs_test_opt(root, NODATASUM) &&
		!btrfs_test_flag(inode, NODATASUM)) {