[PATCH v2 1/2] erofs-utils: fuse: add missing return on getattr error
Ajay Rajera
newajay.11r at gmail.com
Sat Mar 21 18:18:17 AEDT 2026
Yeah, I apologize for the mistake.
I just sent patch v3.
Thanks, Ajay.
On Sat, 21 Mar 2026 at 12:13, Gao Xiang <hsiangkao at linux.alibaba.com> wrote:
>
>
>
> On 2026/3/21 14:26, Ajay Rajera wrote:
> > erofsfuse_getattr() calls fuse_reply_err() when erofs_read_inode_from_disk()
> > fails, but does not return afterwards. This causes the function to fall through
> > to erofsfuse_fill_stat() with uninitialized inode data and then call
> > fuse_reply_attr(), sending a second reply to the same FUSE request.
> >
> > Sending two replies to a single FUSE request is undefined behavior in libfuse
> > and typically triggers an assertion failure or crash. The uninitialized inode
> > data may also expose garbage values to userspace.
> >
> > Fix by adding the missing return after fuse_reply_err().
>
> Each line of the commit message should not exceed 72 chars.
>
> >
> > Signed-off-by: Ajay Rajera <newajay.11r at gmail.com>
> > ---
> > fuse/main.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/fuse/main.c b/fuse/main.c
> > index 82aca8c..b634782 100644
> > --- a/fuse/main.c
> > +++ b/fuse/main.c
> > @@ -265,8 +265,10 @@ static void erofsfuse_getattr(fuse_req_t req, fuse_ino_t ino,
> > struct erofs_inode vi = { .sbi = &g_sbi, .nid = erofsfuse_to_nid(ino) };
> >
> > ret = erofs_read_inode_from_disk(&vi);
> > - if (ret < 0)
> > + if (ret < 0) {
> > fuse_reply_err(req, -ret);
> > + return;
> > + }
> >
> > erofsfuse_fill_stat(&vi, &stbuf);
> > stbuf.st_ino = ino;
>
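Review bot: the commit message's "uninitialized inode data" does not match the context line `struct erofs_inode vi = { .sbi = &g_sbi, .nid = erofsfuse_to_nid(ino) };` above the `if (ret < 0) {` branch. In C, a designated initializer zero-fills every member that is not named, so when erofs_read_inode_from_disk() fails, erofsfuse_fill_stat() would have seen zeroed or partially read fields, not stack garbage. The added `return;` is the right fix, and the second reply to the same fuse_req_t is the primary defect. Suggest rewording the message to say "invalid or partially filled inode data" and dropping the claim about exposing garbage values, unless it is meant to refer to stbuf, whose declaration is not visible in this hunk.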