btrfs-progs: fix null pointer deref in balance_level

In case the right buffer is emptied it's first set to NULL and
subsequently it's dereferenced to get its size to pass to root_sub_used.
This naturally leads to a NULL pointer dereference. The correct thing to
do is to pass the stashed right->len in "blocksize".

Issue: #296
Pull-request: #360
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
This commit is contained in:
Nikolay Borisov 2021-04-06 16:55:03 +03:00 committed by David Sterba
parent c6b585034f
commit 0595309541

@ -927,7 +927,7 @@ static int balance_level(struct btrfs_trans_handle *trans,
if (wret) if (wret)
ret = wret; ret = wret;
root_sub_used(root, right->len); root_sub_used(root, blocksize);
wret = btrfs_free_extent(trans, root, bytenr, wret = btrfs_free_extent(trans, root, bytenr,
blocksize, 0, blocksize, 0,
root->root_key.objectid, root->root_key.objectid,
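
Review bot: at the root_sub_used(root, blocksize) call, the assignment of blocksize falls outside the visible context, so it is worth confirming that it is stashed from right->len before right is set to NULL on every path that reaches this line. The btrfs_free_extent call that follows already takes the same blocksize, so the two calls now agree on the value, but both depend on that earlier assignment. A short comment above the call saying that right may already be NULL here would keep a later cleanup from reintroducing right->len, and a regression test for the case in issue #296 would lock the fix in.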