From: xiexingguo <258156334@qq.com>
Date: Wed, 18 Nov 2015 09:57:17 +0000 (+0800)
Subject: Objecter: potential null pointer access in list_(n)objects.
X-Git-Tag: v10.0.3~160^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=e259d717f0d0f6e40ee0da1d54c8412de05e382e;p=ceph.git

Objecter: potential null pointer access in list_(n)objects.

In list_objects and list_nobjects, we are possibly access a null returned pointer from the osdmap->get_pg_pool() call.
Fixes: #13822
Signed-off-by: xie xingguo <xie.xingguo@zte.com.cn>
---

diff --git a/src/osdc/Objecter.cc b/src/osdc/Objecter.cc
index 4bfa8f0080f..d01dc9d9561 100644
--- a/src/osdc/Objecter.cc
+++ b/src/osdc/Objecter.cc
@@ -3372,13 +3372,18 @@ void Objecter::list_nobjects(NListContext *list_context, Context *onfinish)
     // release the listing context's budget once all
     // OPs (in the session) are finished
     put_nlist_context_budget(list_context);
-
     onfinish->complete(0);
     return;
   }
 
   rwlock.get_read();
   const pg_pool_t *pool = osdmap->get_pg_pool(list_context->pool_id);
+  if (!pool) { // pool is gone
+    rwlock.unlock();
+    put_nlist_context_budget(list_context);
+    onfinish->complete(-ENOENT);
+    return;
+  }
   int pg_num = pool->get_pg_num();
   rwlock.unlock();
 
@@ -3523,13 +3528,18 @@ void Objecter::list_objects(ListContext *list_context, Context *onfinish)
     // release the listing context's budget once all
     // OPs (in the session) are finished
     put_list_context_budget(list_context);
-
     onfinish->complete(0);
     return;
   }
 
   rwlock.get_read();
   const pg_pool_t *pool = osdmap->get_pg_pool(list_context->pool_id);
+  if (!pool) { // pool is gone
+    rwlock.unlock();
+    put_list_context_budget(list_context);
+    onfinish->complete(-ENOENT);
+    return;
+  }
   int pg_num = pool->get_pg_num();
   rwlock.unlock();