From 2bc088307220d2ed0858009e189ebdae3364ddeb Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@inktank.com>
Date: Thu, 9 May 2013 09:40:00 -0700
Subject: [PATCH] librbd: fix possible use-after-free

(of the pointer)

CID 966634 (#1 of 1): Use after free (USE_AFTER_FREE)
2. use_after_free: Using freed pointer "ictx".

Signed-off-by: Sage Weil <sage@inktank.com>
---
 src/librbd/librbd.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/librbd/librbd.cc b/src/librbd/librbd.cc
index 9513e1e5f2c7..89bbe595752a 100644
--- a/src/librbd/librbd.cc
+++ b/src/librbd/librbd.cc
@@ -692,7 +692,8 @@ extern "C" int rbd_open(rados_ioctx_t p, const char *name, rbd_image_t *image,
   librbd::ImageCtx *ictx = new librbd::ImageCtx(name, "", snap_name, io_ctx,
 						false);
   int r = librbd::open_image(ictx);
-  *image = (rbd_image_t)ictx;
+  if (r >= 0)
+    *image = (rbd_image_t)ictx;
   return r;
 }
 
@@ -704,7 +705,8 @@ extern "C" int rbd_open_read_only(rados_ioctx_t p, const char *name,
   librbd::ImageCtx *ictx = new librbd::ImageCtx(name, "", snap_name, io_ctx,
 						true);
   int r = librbd::open_image(ictx);
-  *image = (rbd_image_t)ictx;
+  if (r >= 0)
+    *image = (rbd_image_t)ictx;
   return r;
 }
 
-- 
2.47.3