From: Danny Al-Gaaf <danny.al-gaaf@bisect.de>
Date: Fri, 7 Nov 2014 15:52:04 +0000 (+0100)
Subject: src/librbd/librbd.cc: fix potential null pointer deref
X-Git-Tag: v0.89~22^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=dbfb63e8e87c173029040d48bc088930af49bd2c;p=ceph.git

src/librbd/librbd.cc: fix potential null pointer deref

Fix potential deref after null check. Move check for max_snaps in
rbd_snap_list up to fail early before call any functions.

Signed-off-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>
---

diff --git a/src/librbd/librbd.cc b/src/librbd/librbd.cc
index d6aa9880ab91..0dc4b650c403 100644
--- a/src/librbd/librbd.cc
+++ b/src/librbd/librbd.cc
@@ -1156,6 +1156,12 @@ extern "C" int rbd_snap_list(rbd_image_t image, rbd_snap_info_t *snaps,
   vector<librbd::snap_info_t> cpp_snaps;
   librbd::ImageCtx *ictx = (librbd::ImageCtx *)image;
   tracepoint(librbd, snap_list_enter, ictx, ictx->name.c_str(), ictx->snap_name.c_str(), ictx->read_only, snaps);
+
+  if (!max_snaps) {
+    tracepoint(librbd, snap_list_exit, -EINVAL, 0);
+    return -EINVAL;
+  }
+
   int r = librbd::snap_list(ictx, cpp_snaps);
   if (r == -ENOENT) {
     tracepoint(librbd, snap_list_exit, 0, *max_snaps);
@@ -1165,10 +1171,6 @@ extern "C" int rbd_snap_list(rbd_image_t image, rbd_snap_info_t *snaps,
     tracepoint(librbd, snap_list_exit, r, *max_snaps);
     return r;
   }
-  if (!max_snaps) {
-    tracepoint(librbd, snap_list_exit, -EINVAL, *max_snaps);
-    return -EINVAL;
-  }
   if (*max_snaps < (int)cpp_snaps.size() + 1) {
     *max_snaps = (int)cpp_snaps.size() + 1;
     tracepoint(librbd, snap_list_exit, -ERANGE, *max_snaps);