ntfs: fix variable dereferenced before check warnings

Detected by Smatch. lcnalloc.c:736 ntfs_cluster_alloc() error: we previously assumed 'rl' could be null (see line 719) inode.c:3275 ntfs_inode_close() warn: variable dereferenced before check 'tmp_nis' (see line 3255) attrib.c:4952 ntfs_attr_remove() warn: variable dereferenced before check 'ni' (see line 4951) dir.c:1035 ntfs_readdir() error: we previously assumed 'private' could be null (see line 850) Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
2026-04-18 06:44:00 -04:00 · 2026-03-13 08:59:07 +09:00
parent 7cf4b3c768
commit 4e59f8a1a8
5 changed files with 16 additions and 13 deletions
--- a/fs/ntfs/attrib.c
+++ b/fs/ntfs/attrib.c
@@ -4941,23 +4941,19 @@ int ntfs_attr_exist(struct ntfs_inode *ni, const __le32 type, __le16 *name,
 int ntfs_attr_remove(struct ntfs_inode *ni, const __le32 type, __le16 *name,
 		u32 name_len)
 {
-	struct super_block *sb;
 	int err;
 	struct inode *attr_vi;
 	struct ntfs_inode *attr_ni;

 	ntfs_debug("Entering\n");

-	sb = ni->vol->sb;
-	if (!ni) {
-		ntfs_error(sb, "NULL inode pointer\n");
+	if (!ni)
 		return -EINVAL;
-	}

 	attr_vi = ntfs_attr_iget(VFS_I(ni), type, name, name_len);
 	if (IS_ERR(attr_vi)) {
 		err = PTR_ERR(attr_vi);
-		ntfs_error(sb, "Failed to open attribute 0x%02x of inode 0x%llx",
+		ntfs_error(ni->vol->sb, "Failed to open attribute 0x%02x of inode 0x%llx",
 				type, (unsigned long long)ni->mft_no);
 		return err;
 	}
@@ -4965,7 +4961,7 @@ int ntfs_attr_remove(struct ntfs_inode *ni, const __le32 type, __le16 *name,

 	err = ntfs_attr_rm(attr_ni);
 	if (err)
-		ntfs_error(sb, "Failed to remove attribute 0x%02x of inode 0x%llx",
+		ntfs_error(ni->vol->sb, "Failed to remove attribute 0x%02x of inode 0x%llx",
 				type, (unsigned long long)ni->mft_no);
 	iput(attr_vi);
 	return err;
--- a/fs/ntfs/dir.c
+++ b/fs/ntfs/dir.c
@@ -1032,8 +1032,10 @@ out:
 	}

 	if (err) {
-		private->curr_pos = actor->pos;
-		private->end_in_iterate = true;
+		if (private) {
+			private->curr_pos = actor->pos;
+			private->end_in_iterate = true;
+		}
 		err = 0;
 	}
 	ntfs_index_ctx_put(ictx);
--- a/fs/ntfs/inode.c
+++ b/fs/ntfs/inode.c
@@ -3250,8 +3250,10 @@ int ntfs_inode_close(struct ntfs_inode *ni)
 	 * base inode before destroying it.
 	 */
 	base_ni = ni->ext.base_ntfs_ino;
+	tmp_nis = base_ni->ext.extent_ntfs_inos;
+	if (!tmp_nis)
+		goto out;
 	for (i = 0; i < base_ni->nr_extents; ++i) {
-		tmp_nis = base_ni->ext.extent_ntfs_inos;
 		if (tmp_nis[i] != ni)
 			continue;
 		/* Found it. Disconnect. */
@@ -3279,6 +3281,7 @@ int ntfs_inode_close(struct ntfs_inode *ni)
 		break;
 	}

+out:
 	if (NInoDirty(ni))
 		ntfs_error(ni->vol->sb, "Releasing dirty inode %llu!\n",
 				ni->mft_no);
--- a/fs/ntfs/lcnalloc.c
+++ b/fs/ntfs/lcnalloc.c
@@ -732,11 +732,13 @@ out:
 		folio_put(folio);
 	}
 	if (likely(!err)) {
+		if (!rl) {
+			err = -EIO;
+			goto out_restore;
+		}
 		if (is_dealloc == true)
 			ntfs_release_dirty_clusters(vol, rl->length);
 		ntfs_debug("Done.");
-		if (rl == NULL)
-			err = -EIO;
 		goto out_restore;
 	}
 	if (err != -ENOSPC)
--- a/fs/ntfs/runlist.c
+++ b/fs/ntfs/runlist.c
@@ -1661,7 +1661,7 @@ struct runlist_element *ntfs_rl_insert_range(struct runlist_element *dst_rl, int
 {
 	struct runlist_element *i_rl, *new_rl, *src_rl_origin = src_rl;
 	struct runlist_element dst_rl_split;
-	s64 start_vcn = src_rl[0].vcn;
+	s64 start_vcn;
 	int new_1st_cnt, new_2nd_cnt, new_3rd_cnt, new_cnt;

 	if (!dst_rl || !src_rl || !new_rl_cnt)