fat: Fix possible null deref in fat_cache_add()

Reported-by: <dame_eugene@mail.ru>
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>

diff --git a/fs/fat/cache.c b/fs/fat/cache.c
index ae8200f..1cc7038 100644 (file)
--- a/fs/fat/cache.c
+++ b/fs/fat/cache.c
@@ -151,6 +151,13 @@ static void fat_cache_add(struct inode *inode, struct fat_cache_id *new)
                        spin_unlock(&MSDOS_I(inode)->cache_lru_lock);
 
                        tmp = fat_cache_alloc(inode);
+                       if (!tmp) {
+                               spin_lock(&MSDOS_I(inode)->cache_lru_lock);
+                               MSDOS_I(inode)->nr_caches--;
+                               spin_unlock(&MSDOS_I(inode)->cache_lru_lock);
+                               return;
+                       }
+
                        spin_lock(&MSDOS_I(inode)->cache_lru_lock);
                        cache = fat_cache_merge(inode, new);
                        if (cache != NULL) {