[CRIU] [PATCH] lazy_image(): avoid NULL deref
Pavel Emelyanov
xemul at parallels.com
Mon May 4 23:59:41 PDT 2015
On 05/01/2015 01:55 PM, Andrew Vagin wrote:
> On Thu, Apr 30, 2015 at 04:25:43PM -0700, Kir Kolyshkin wrote:
>> Do check img before dereferencing, just as in empty_image().
>
> I would prefer to remove this check from empty_image(). A caller of
> open_image() must handle errors.
Then irmap, tmpfs pages image openers will look like ... smth bad.
But you can try to cook the patch.
> We can add this check into close_image() just as in xfree().
>
> diff --git a/image.c b/image.c
> index 7f3ceb5..a6bc3f1 100644
> --- a/image.c
> +++ b/image.c
> @@ -359,6 +359,8 @@ int open_image_lazy(struct cr_img *img)
>
> void close_image(struct cr_img *img)
> {
> + if (img == NULL)
> + return;
> if (lazy_image(img))
> xfree(img->path);
> else if (!empty_image(img))
>
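Review bot: the `if (img == NULL) return;` guard at the top of close_image() makes close_image(NULL) a silent no-op, but nothing in the hunk documents that contract; a one-line comment stating that NULL is accepted, as with xfree(), would help callers. The guard also covers only the close path: any other caller that hands a NULL img to lazy_image() still reaches the `img->_x.fd` dereference unless the helper keeps its own check, so the commit message should say which of the two approaches is intended.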
>> This is an addition to commit 8ce37e67.
>>
>> Signed-off-by: Kir Kolyshkin <kir at openvz.org>
>> ---
>> include/image.h | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/include/image.h b/include/image.h
>> index 55e63dd..76ad2e8 100644
>> --- a/include/image.h
>> +++ b/include/image.h
>> @@ -146,7 +146,7 @@ static inline bool empty_image(struct cr_img *img)
>>
>> static inline bool lazy_image(struct cr_img *img)
>> {
>> - return img->_x.fd == LAZY_IMG_FD;
>> + return img && img->_x.fd == LAZY_IMG_FD;
>> }
>>
>> extern int open_image_lazy(struct cr_img *img);
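Review bot: in lazy_image(), `img && img->_x.fd == LAZY_IMG_FD` folds a NULL img into the "not lazy" answer, so a caller cannot tell a missing image from a regular one and will continue into its non-lazy branch, which is safe only if that branch tolerates NULL as well. A short comment above the helper stating that NULL is treated as not lazy, plus a line in the commit message naming the call path that can pass NULL, would make the intent reviewable.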
>> --
>> 1.9.3
>>
> .
>