From dbfb63e8e87c173029040d48bc088930af49bd2c Mon Sep 17 00:00:00 2001
From: Danny Al-Gaaf
Date: Fri, 7 Nov 2014 16:52:04 +0100
Subject: [PATCH] src/librbd/librbd.cc: fix potential null pointer deref

Fix potential deref after null check. Move check for max_snaps in rbd_snap_list up to fail early before call any functions.

Signed-off-by: Danny Al-Gaaf
---
 src/librbd/librbd.cc | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/librbd/librbd.cc b/src/librbd/librbd.cc
index d6aa9880ab911..0dc4b650c403a 100644
--- a/src/librbd/librbd.cc
+++ b/src/librbd/librbd.cc
@@ -1156,6 +1156,12 @@ extern "C" int rbd_snap_list(rbd_image_t image, rbd_snap_info_t *snaps,
 vector cpp_snaps;
 librbd::ImageCtx *ictx = (librbd::ImageCtx *)image;
 tracepoint(librbd, snap_list_enter, ictx, ictx->name.c_str(), ictx->snap_name.c_str(), ictx->read_only, snaps);
+
+ if (!max_snaps) {
+ tracepoint(librbd, snap_list_exit, -EINVAL, 0);
+ return -EINVAL;
+ }
+
 int r = librbd::snap_list(ictx, cpp_snaps);
 if (r == -ENOENT) {
 tracepoint(librbd, snap_list_exit, 0, *max_snaps);
@@ -1165,10 +1171,6 @@ extern "C" int rbd_snap_list(rbd_image_t image, rbd_snap_info_t *snaps,
 tracepoint(librbd, snap_list_exit, r, *max_snaps);
 return r;
 }
- if (!max_snaps) {
- tracepoint(librbd, snap_list_exit, -EINVAL, *max_snaps);
- return -EINVAL;
- }
 if (*max_snaps < (int)cpp_snaps.size() + 1) {
 *max_snaps = (int)cpp_snaps.size() + 1;
 tracepoint(librbd, snap_list_exit, -ERANGE, *max_snaps);
-- 
2.39.5
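Review bot: The early return added after the `snap_list_enter` tracepoint validates `max_snaps` but leaves the other output pointer, `snaps`, unchecked. A NULL `snaps` together with a large enough `*max_snaps` would presumably still be written through when the results are copied out further down; that code is outside the hunk, so this needs confirming. If bad pointers are meant to yield -EINVAL, a guard placed after the -ERANGE size check in the second hunk would still let callers pass a too-small buffer to learn the required count: `if (!snaps) { tracepoint(librbd, snap_list_exit, -EINVAL, *max_snaps); return -EINVAL; }`. A short comment on the new block, e.g. `// max_snaps is in/out and is dereferenced by every exit tracepoint below`, would record why the check has to precede `librbd::snap_list()`. The body of `rbd_snap_list` starts and ends outside both hunks.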