Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / fio / fbccf46c939c9fee9f738da31c2e22791be5eab7^! / . / backend.c
commitfbccf46c939c9fee9f738da31c2e22791be5eab7[log] [tgz]
authorJens Axboe <axboe@kernel.dk>Tue Jan 08 21:02:14 2013 +0100
committerJens Axboe <axboe@kernel.dk>Tue Jan 08 21:02:14 2013 +0100
treeb06369d4639d8ae4dec114c3ea7627a7dcde2972
parenta28b019dcb27e71037c4393f7272fccebcd150f5 [diff] [blame]
Fix potential null pointer dereference on verify and requeue events

We clear io_u to NULL, but later we derefence io_u to check
the data direction. Do as we do in the main IO loop - store
the data direction in a local variable, and use that after
the main switch.

Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/backend.c b/backend.c
index 225d8a3..099bd9b 100644
--- a/backend.c
+++ b/backend.c

@@ -422,6 +422,7 @@
 
 	io_u = NULL;
 	while (!td->terminate) {
+		enum fio_ddir ddir;
 		int ret2, full;
 
 		update_tv_cache(td);
@@ -456,6 +457,8 @@
 		else
 			io_u->end_io = verify_io_u;
 
+		ddir = io_u->ddir;
+
 		ret = td_io_queue(td, io_u);
 		switch (ret) {
 		case FIO_Q_COMPLETED:
@@ -507,7 +510,7 @@
 			break;
 		}
 
-		if (break_on_this_error(td, io_u->ddir, &ret))
+		if (break_on_this_error(td, ddir, &ret))
 			break;
 
 		/*