fuse: prevent fuse_put_request on invalid pointer

fuse_direct_io() has a loop where requests are allocated in each
iteration. if allocation fails, the loop is broken out and follows
into an unconditional fuse_put_request() on that invalid pointer.

Signed-off-by: Anand V. Avati <[email protected]>
Signed-off-by: Miklos Szeredi <[email protected]>
Cc: [email protected]

diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index a3492f7d207c32403f482bc2b1ec02fe24e10a51..5887a6395ad2a912e6330a7d13a7270531742131 100644 (file)
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -1063,7 +1063,8 @@ ssize_t fuse_direct_io(struct file *file, const char __user *buf,
                                break;
                }
        }
-       fuse_put_request(fc, req);
+       if (!IS_ERR(req))
+               fuse_put_request(fc, req);
        if (res > 0)
                *ppos = pos;