From: Li Zefan
Date: Mon, 12 Mar 2012 08:39:48 +0000 (+0800)
Subject: Btrfs: avoid possible use-after-free in clear_extent_bit()
X-Git-Tag: v3.4-rc5~6^2~19
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cdc6a3952558f00b1bc3b6401e1cf98797632fe2;p=pandora-kernel.git

Btrfs: avoid possible use-after-free in clear_extent_bit()

clear_extent_bit()
{
    next_node = rb_next(&state->rb_node);
    ...
    clear_state_bit(state);  <-- this may free next_node
    if (next_node) {
        state = rb_entry(next_node);
        ...
    }
}

clear_state_bit() calls merge_state() which may free the next node
of the passing extent_state, so clear_extent_bit() may end up
referencing freed memory.

Signed-off-by: Li Zefan
---
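The hazard described in the commit message, reduced to a small model. This is an added example, not the kernel's code and not the patch itself. It assumes a sorted linked list in place of the rb-tree and a `freed` flag in place of a real free, and the names `struct range`, `clear_and_merge`, `walk` and `stale_uses` are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
/* Simplified model, hypothetical names: a sorted list stands in for the rb-tree,
 * and "freed" is a flag so a stale pointer is detectable without touching freed memory. */
struct range { unsigned start, end, bits; bool freed; struct range *next; };

/* Clear bits in r, then merge r with an adjacent successor in the same state. */
static void clear_and_merge(struct range *r, unsigned bits)
{
    struct range *n = r->next;
    r->bits &= ~bits;
    if (n && n->start == r->end + 1 && n->bits == r->bits) {
        r->end = n->end;
        r->next = n->next;
        n->freed = true;   /* the kernel frees the merged-away node here */
    }
}

/* Walk and clear. cache_next reads the successor before the call, as in the
 * commit message; otherwise after it. Returns stale successors encountered. */
static int walk(struct range *r, unsigned bits, bool cache_next)
{
    int stale = 0;
    while (r) {
        struct range *cached = r->next, *next;
        clear_and_merge(r, bits);
        next = cache_next ? cached : r->next;
        if (next && next->freed) {   /* real code would now use freed memory */
            stale++;
            next = r->next;          /* recover so the walk can finish */
        }
        r = next;
    }
    return stale;
}

/* Constructed input: [0,9] bits 0x3, [10,19] bits 0x1, [20,29] bits 0x4. */
int stale_uses(bool cache_next)
{
    struct range c = { 20, 29, 0x4, false, NULL };
    struct range b = { 10, 19, 0x1, false, &c };
    struct range a = { 0, 9, 0x3, false, &b };
    return walk(&a, 0x2, cache_next);
}

int main(void)
{
    return printf("cached: %d stale, reloaded: %d stale\n", stale_uses(true), stale_uses(false)) < 0;
}
```

Clearing bit 0x2 makes the first range match its neighbour, so the merge releases the node that the cached pointer still names; reading the successor after the call avoids it.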