jffs2: fix use after free in jffs2_sum_write_data()

[platform/kernel/linux-rpi.git] / fs / jffs2 / summary.c

diff --git a/fs/jffs2/summary.c b/fs/jffs2/summary.c
index be7c8a6..4fe6451 100644 (file)
--- a/fs/jffs2/summary.c
+++ b/fs/jffs2/summary.c
@@ -783,6 +783,8 @@ static int jffs2_sum_write_data(struct jffs2_sb_info *c, struct jffs2_eraseblock
                                        dbg_summary("Writing unknown RWCOMPAT_COPY node type %x\n",
                                                    je16_to_cpu(temp->u.nodetype));
                                        jffs2_sum_disable_collecting(c->summary);
+                                       /* The above call removes the list, nothing more to do */
+                                       goto bail_rwcompat;
                                } else {
                                        BUG();  /* unknown node in summary information */
                                }
@@ -794,6 +796,7 @@ static int jffs2_sum_write_data(struct jffs2_sb_info *c, struct jffs2_eraseblock
 
                c->summary->sum_num--;
        }
+ bail_rwcompat:
 
        jffs2_sum_reset_collected(c->summary);