[CRIU] [PATCH] seize: fix NULL pointer dereference in freezer_detach
Stanislav Kinsburskiy
skinsbursky at virtuozzo.com
Thu Apr 7 09:48:02 PDT 2016
Below is the NULL pointer call trace for freezer_detach:
ct_dump_finish
pstree_switch_state
freezer_detach ---> dereference of processes_to_wait_pids
But ct_dump_finish is also called on all the error paths in cr_dump_tasks, and
can be called _before_ collect_pstree, which initializes
processes_to_wait_pids in freezer_wait_processes.
This patch adds an early exit from freezer_detach if processes_to_wait_pids is NULL.
Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
---
criu/seize.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/criu/seize.c b/criu/seize.c
index 0ea7a28..82755a7 100644
--- a/criu/seize.c
+++ b/criu/seize.c
@@ -221,6 +221,9 @@ static int freezer_detach(void)
if (!opts.freeze_cgroup)
return 0;
+ if (!processes_to_wait_pids)
+ return 0;
+
for (i = 0; i < processes_to_wait && processes_to_wait_pids; i++) {
pid_t pid = processes_to_wait_pids[i];
int status, save_errno;
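Review bot: with the new early return in place, the `&& processes_to_wait_pids` guard in the `for` condition (`for (i = 0; i < processes_to_wait && processes_to_wait_pids; i++)`) becomes redundant and could be dropped in the same patch, since the function can no longer reach the loop with a NULL array. Note also that this visible loop condition already prevents the loop body from dereferencing a NULL `processes_to_wait_pids`, so the crash described in the commit message must come from a later use of the array in `freezer_detach` that is outside this hunk; it would help reviewers if the commit message named that access explicitly.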