From: Jason Dillaman Date: Fri, 14 Jun 2019 17:34:24 +0000 (-0400) Subject: librbd: avoid dereferencing an empty container during deep-copy X-Git-Tag: v13.2.7~135^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=3b1125fc5cb77cb3ac61895ff917ccecede61fd5;p=ceph.git librbd: avoid dereferencing an empty container during deep-copy While updating the image copy progress, a 'while' loop will pop the last item from the queue and then deference the empty queue. Fixes: http://tracker.ceph.com/issues/40368 Signed-off-by: Jason Dillaman (cherry picked from commit 0f491cbb96ec55c68a627de71ed6ccd781a46dcc)
---
diff --git a/src/librbd/deep_copy/ImageCopyRequest.cc b/src/librbd/deep_copy/ImageCopyRequest.cc
index e3f742413fc2..171e25fb9013 100644
--- a/src/librbd/deep_copy/ImageCopyRequest.cc
+++ b/src/librbd/deep_copy/ImageCopyRequest.cc
@@ -229,8 +229,9 @@ void ImageCopyRequest::handle_object_copy(uint64_t object_no, int r) {
 }
 } else {
 m_copied_objects.push(object_no);
- while (!m_updating_progress && m_copied_objects.top() ==
- (m_object_number ? *m_object_number + 1 : 0)) {
+ while (!m_updating_progress && !m_copied_objects.empty() &&
+ m_copied_objects.top() ==
+ (m_object_number ? *m_object_number + 1 : 0)) {
 m_object_number = m_copied_objects.top();
 m_copied_objects.pop();
 uint64_t progress_object_no = *m_object_number + 1;
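Review bot: The `!m_copied_objects.empty()` test added to the `while` condition has no comment explaining why a queue that was pushed to one line earlier can be empty here, so the guard reads as redundant and is easy to drop in a later cleanup. The loop body pops on every iteration, so the condition is re-evaluated against a possibly drained container, and `top()` on an empty container adaptor (presumably a `std::priority_queue`; the declaration is not in this hunk) is undefined behaviour, in practice an out-of-bounds read. I would add above the loop `// pop() below can drain the queue; empty() must be checked before every top()`. The loop body and the rest of handle_object_copy continue outside the hunk, and no regression test that drains the queue on the final object is visible on this page.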