fs/squashfs: Fix Coverity Scan defects
Fix control flow issues and null pointer dereferences.
Signed-off-by: Joao Marcos Costa <jmcosta944@gmail.com>
diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
index f67f7c4..15208b4 100644
--- a/fs/squashfs/sqfs.c
+++ b/fs/squashfs/sqfs.c
@@ -154,7 +154,7 @@
header = get_unaligned_le16(metadata_buffer + table_offset);
metadata = metadata_buffer + table_offset + SQFS_HEADER_SIZE;
- if (!metadata) {
+ if (!metadata || !header) {
ret = -ENOMEM;
goto free_buffer;
}
@@ -434,9 +434,9 @@
{
struct squashfs_super_block *sblk = ctxt.sblk;
char *path, *target, **sym_tokens, *res, *rem;
- struct squashfs_ldir_inode *ldir = NULL;
int j, ret, new_inode_number, offset;
struct squashfs_symlink_inode *sym;
+ struct squashfs_ldir_inode *ldir;
struct squashfs_dir_inode *dir;
struct fs_dir_stream *dirsp;
struct fs_dirent *dent;
@@ -448,8 +448,8 @@
table = sqfs_find_inode(dirs->inode_table, le32_to_cpu(sblk->inodes),
sblk->inodes, sblk->block_size);
- /* root is a regular directory, not an extended one */
dir = (struct squashfs_dir_inode *)table;
+ ldir = (struct squashfs_ldir_inode *)table;
/* get directory offset in directory table */
offset = sqfs_dir_offset(table, m_list, m_count);
@@ -1146,9 +1146,12 @@
finfo->start = get_unaligned_le32(®->start_block);
finfo->frag = SQFS_IS_FRAGMENTED(get_unaligned_le32(®->fragment));
- if (finfo->size < 1 || finfo->offset < 0 || finfo->start < 0)
+ if (finfo->frag && finfo->offset == 0xFFFFFFFF)
return -EINVAL;
+ if (finfo->size < 1 || finfo->start == 0xFFFFFFFF)
+ return -EINVAL;
+
if (finfo->frag) {
datablk_count = finfo->size / le32_to_cpu(blksz);
ret = sqfs_frag_lookup(get_unaligned_le32(®->fragment),
@@ -1156,7 +1159,7 @@
if (ret < 0)
return -EINVAL;
finfo->comp = true;
- if (fentry->size < 1 || fentry->start < 0)
+ if (fentry->size < 1 || fentry->start == 0x7FFFFFFF)
return -EINVAL;
} else {
datablk_count = DIV_ROUND_UP(finfo->size, le32_to_cpu(blksz));
@@ -1181,9 +1184,12 @@
finfo->start = get_unaligned_le64(&lreg->start_block);
finfo->frag = SQFS_IS_FRAGMENTED(get_unaligned_le32(&lreg->fragment));
- if (finfo->size < 1 || finfo->offset < 0 || finfo->start < 0)
+ if (finfo->frag && finfo->offset == 0xFFFFFFFF)
return -EINVAL;
+ if (finfo->size < 1 || finfo->start == 0x7FFFFFFF)
+ return -EINVAL;
+
if (finfo->frag) {
datablk_count = finfo->size / le32_to_cpu(blksz);
ret = sqfs_frag_lookup(get_unaligned_le32(&lreg->fragment),
@@ -1191,7 +1197,7 @@
if (ret < 0)
return -EINVAL;
finfo->comp = true;
- if (fentry->size < 1 || fentry->start < 0)
+ if (fentry->size < 1 || fentry->start == 0x7FFFFFFF)
return -EINVAL;
} else {
datablk_count = DIV_ROUND_UP(finfo->size, le32_to_cpu(blksz));