Message ID | 1528700647-58638-1-git-send-email-wangjie88@huawei.com |
---|---|
State | New |
Series | util/async: avoid NULL pointer dereference |
On Mon, 06/11 15:04, Jie Wang wrote:
> If laio_init fails to create linux_aio and returns NULL, a NULL pointer
> dereference will occur when laio_attach_aio_context dereferences
> linux_aio in aio_get_linux_aio, so add an assert to avoid it.
>
> Signed-off-by: Jie Wang <wangjie88@huawei.com>
> ---
> util/async.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/util/async.c b/util/async.c
> index 03f62787f2..7766bcd8bc 100644
> --- a/util/async.c
> +++ b/util/async.c
> @@ -327,6 +327,7 @@ LinuxAioState *aio_get_linux_aio(AioContext *ctx)
> {
> if (!ctx->linux_aio) {
> ctx->linux_aio = laio_init();
> + assert(ctx->linux_aio);
> laio_attach_aio_context(ctx->linux_aio, ctx);
> }
> return ctx->linux_aio;
> --

I'm afraid this is not the correct fix. If laio_init() can fail, this function should skip laio_attach_aio_context() and return NULL, then callers should check the return value and handle the error. E.g. set s->use_linux_aio to false and fall back to posix I/O, and perhaps report the error with error_report. Or even better, call laio_init during raw_open and use error_setg(errp, ...). assert() will simply crash the program; it is not the right way to catch errors.

Fam
diff --git a/util/async.c b/util/async.c index 03f62787f2..7766bcd8bc 100644 --- a/util/async.c +++ b/util/async.c @@ -327,6 +327,7 @@ LinuxAioState *aio_get_linux_aio(AioContext *ctx) { if (!ctx->linux_aio) { ctx->linux_aio = laio_init(); + assert(ctx->linux_aio); laio_attach_aio_context(ctx->linux_aio, ctx); } return ctx->linux_aio;
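Review bot: the `assert(ctx->linux_aio);` added between `ctx->linux_aio = laio_init();` and `laio_attach_aio_context(ctx->linux_aio, ctx);` does not handle the failure case, it only replaces the NULL pointer dereference with an abort of the whole process, so a recoverable initialisation error (laio_init() returning NULL) still takes QEMU down. The error path in this hunk should instead skip the attach and propagate the NULL, e.g. wrap the attach in `if (ctx->linux_aio) { laio_attach_aio_context(ctx->linux_aio, ctx); }` and let `return ctx->linux_aio;` hand NULL back to the caller, which can then fall back to posix I/O or report the error as the reviewer suggests. The commit title "avoid NULL pointer dereference" should also be revised, since an assert is a deliberate crash rather than avoidance of the error.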
If laio_init fails to create linux_aio and returns NULL, a NULL pointer dereference will occur when laio_attach_aio_context dereferences linux_aio in aio_get_linux_aio, so add an assert to avoid it.

Signed-off-by: Jie Wang <wangjie88@huawei.com>
---
 util/async.c | 1 +
 1 file changed, 1 insertion(+)