src/librbd/librbd.cc: fix potential null pointer deref

Fix potential deref after null check. Move check for max_snaps in
rbd_snap_list up to fail early before call any functions.

Signed-off-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>

diff --git a/src/librbd/librbd.cc b/src/librbd/librbd.cc
index d6aa9880ab911081453a6c297d421bba67af2764..0dc4b650c403a6748b208c9b483dafb82bcce3c0 100644 (file)
--- a/src/librbd/librbd.cc
+++ b/src/librbd/librbd.cc
@@ -1156,6 +1156,12 @@ extern "C" int rbd_snap_list(rbd_image_t image, rbd_snap_info_t *snaps,
   vector<librbd::snap_info_t> cpp_snaps;
   librbd::ImageCtx *ictx = (librbd::ImageCtx *)image;
   tracepoint(librbd, snap_list_enter, ictx, ictx->name.c_str(), ictx->snap_name.c_str(), ictx->read_only, snaps);
+
+  if (!max_snaps) {
+    tracepoint(librbd, snap_list_exit, -EINVAL, 0);
+    return -EINVAL;
+  }
+
   int r = librbd::snap_list(ictx, cpp_snaps);
   if (r == -ENOENT) {
     tracepoint(librbd, snap_list_exit, 0, *max_snaps);
@@ -1165,10 +1171,6 @@ extern "C" int rbd_snap_list(rbd_image_t image, rbd_snap_info_t *snaps,
     tracepoint(librbd, snap_list_exit, r, *max_snaps);
     return r;
   }
-  if (!max_snaps) {
-    tracepoint(librbd, snap_list_exit, -EINVAL, *max_snaps);
-    return -EINVAL;
-  }
   if (*max_snaps < (int)cpp_snaps.size() + 1) {
     *max_snaps = (int)cpp_snaps.size() + 1;
     tracepoint(librbd, snap_list_exit, -ERANGE, *max_snaps);