reiserfs: Check the return value from __getblk()

__getblk() can return a NULL pointer if we run out of memory or if we
try to access beyond the end of the device; check it and handle it
appropriately.

Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Link: https://lore.kernel.org/lkml/CAFcO6XOacq3hscbXevPQP7sXRoYFz34ZdKPYjmd6k5sZuhGFDw@mail.gmail.com/
Tested-by: butt3rflyh4ck <butterflyhuangxx@gmail.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") # probably introduced in 2002
Acked-by: Edward Shishkin <edward.shishkin@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>

diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c
index 479aa4a57602ff756276be943e0ee80b82a2b069..015bfe4e452417fa8ef39b0ff727c5687cb9039f 100644 (file)
--- a/fs/reiserfs/journal.c
+++ b/fs/reiserfs/journal.c
@@ -2326,7 +2326,7 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev,
        int i, j;
 
        bh = __getblk(dev, block, bufsize);
-       if (buffer_uptodate(bh))
+       if (!bh || buffer_uptodate(bh))
                return (bh);
 
        if (block + BUFNR > max_block) {
@@ -2336,6 +2336,8 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev,
        j = 1;
        for (i = 1; i < blocks; i++) {
                bh = __getblk(dev, block + i, bufsize);
+               if (!bh)
+                       break;
                if (buffer_uptodate(bh)) {
                        brelse(bh);
                        break;