btrfs: fix use-after-free of cmp workspace pages
[muen/linux.git] / fs / btrfs / ioctl.c
index a4d2856a4df1facc9150676e3cd06f38432f9bb1..aa914aaa00f8129bb0bb3744d4f0a1b13aa3f80b 100644 (file)
@@ -3327,11 +3327,13 @@ static void btrfs_cmp_data_free(struct cmp_pages *cmp)
                if (pg) {
                        unlock_page(pg);
                        put_page(pg);
+                       cmp->src_pages[i] = NULL;
                }
                pg = cmp->dst_pages[i];
                if (pg) {
                        unlock_page(pg);
                        put_page(pg);
+                       cmp->dst_pages[i] = NULL;
                }
        }
 }