reiserfs: Check the return value from __getblk()

[ Upstream commit ba38980add7ffc9e674ada5b4ded4e7d14e76581 ]

__getblk() can return a NULL pointer if we run out of memory or if we
try to access beyond the end of the device; check it and handle it
appropriately.

Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Link: https://lore.kernel.org/lkml/CAFcO6XOacq3hscbXevPQP7sXRoYFz34ZdKPYjmd6k5sZuhGFDw@mail.gmail.com/
Tested-by: butt3rflyh4ck <butterflyhuangxx@gmail.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") # probably introduced in 2002
Acked-by: Edward Shishkin <edward.shishkin@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c
index 9f62da7..eb81b41 100644 (file)
--- a/fs/reiserfs/journal.c
+++ b/fs/reiserfs/journal.c
@@ -2326,7 +2326,7 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev,
        int i, j;
 
        bh = __getblk(dev, block, bufsize);
-       if (buffer_uptodate(bh))
+       if (!bh || buffer_uptodate(bh))
                return (bh);
 
        if (block + BUFNR > max_block) {
@@ -2336,6 +2336,8 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev,
        j = 1;
        for (i = 1; i < blocks; i++) {
                bh = __getblk(dev, block + i, bufsize);
+               if (!bh)
+                       break;
                if (buffer_uptodate(bh)) {
                        brelse(bh);
                        break;