fs: fat: avoid NULL dereference when root dir is full

When trying to create a file in the full root directory of a FAT32
filesystem a NULL dereference can be observed.

When the root directory of a FAT16 filesystem is full fill_dir_slot() must
return -1 to signal that a new directory entry could not be allocated.

Fixes: cd2d727fff7e ("fs: fat: allocate a new cluster for root directory of fat32")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

diff --git a/fs/fat/fat_write.c b/fs/fat/fat_write.c
index a2682b5f4655328d4065a9fd643e64d4ba18c56f..fc932df953c72ed75da5a3dc1cca54398a5b7928 100644 (file)
--- a/fs/fat/fat_write.c
+++ b/fs/fat/fat_write.c
@@ -260,9 +260,8 @@ fill_dir_slot(fat_itr *itr, const char *l_name)
                        flush_dir(itr);
 
                /* allocate a cluster for more entries */
-               if (!fat_itr_next(itr))
-                       if (!itr->dent &&
-                           (!itr->is_root || itr->fsdata->fatsize == 32) &&
+               if (!fat_itr_next(itr) && !itr->dent)
+                       if ((itr->is_root && itr->fsdata->fatsize != 32) ||
                            new_dir_table(itr))
                                return -1;
        }