[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] tmem: Prevent NULL dereference on error case
If the client / pool IDs given to tmemc_save_get_next_page are invalid, the calculation of pagesize will dereference NULL. Fix this by moving the calculation below the appropriate NULL check. Signed-off-by: Matthew Daley <mattjd@xxxxxxxxx> diff --git a/xen/common/tmem.c b/xen/common/tmem.c index 1280537..ec59009 100644 --- a/xen/common/tmem.c +++ b/xen/common/tmem.c @@ -2436,10 +2436,13 @@ static NOINLINE int tmemc_save_get_next_page(int cli_id, uint32_t pool_id, OID oid; int ret = 0; struct tmem_handle h; - unsigned int pagesize = 1 << (pool->pageshift+12); + unsigned int pagesize; if ( pool == NULL || is_ephemeral(pool) ) return -1; + + pagesize = 1 << (pool->pageshift + 12); + if ( bufsize < pagesize + sizeof(struct tmem_handle) ) return -ENOMEM; -- 1.7.10.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |