[CRIU] [PATCH] seize: fix NULL pointer dereference in freezer_detach
Cyrill Gorcunov
gorcunov at gmail.com
Thu Apr 7 10:03:59 PDT 2016
On Thu, Apr 07, 2016 at 07:48:02PM +0300, Stanislav Kinsburskiy wrote:
> Below is the NULL pointer call trace for freezer_detach:
>
> ct_dump_finish
> pstree_switch_state
> freezer_detach ---> dereference of processes_to_wait_pids
>
> But ct_dump_finish is also called on all the error paths in cr_dump_tasks, and
> can be called _before_ collect_pstree, which initializes
> processes_to_wait_pids in freezer_wait_processes.
>
> This patch adds an exit from freezer_detach if processes_to_wait_pids is NULL.
>
> Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
> ---
> criu/seize.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/criu/seize.c b/criu/seize.c
> index 0ea7a28..82755a7 100644
> --- a/criu/seize.c
> +++ b/criu/seize.c
> @@ -221,6 +221,9 @@ static int freezer_detach(void)
> if (!opts.freeze_cgroup)
> return 0;
>
> + if (!processes_to_wait_pids)
> + return 0;
> +
> for (i = 0; i < processes_to_wait && processes_to_wait_pids; i++) {
Here in the for loop: i < processes_to_wait && processes_to_wait_pids
> pid_t pid = processes_to_wait_pids[i];
> int status, save_errno;
>
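Review bot: the early return added before the loop guards against the same NULL that the loop condition `i < processes_to_wait && processes_to_wait_pids` already short-circuits on, so the body at `pid_t pid = processes_to_wait_pids[i];` cannot be the dereference site the commit message attributes to freezer_detach; either the dereference is in code after the loop that this hunk does not show, in which case the commit message should say where, or the new check is redundant. If the early return stays, drop the now-dead `&& processes_to_wait_pids` from the loop condition so there is a single guard, and consider a one-line comment noting that ct_dump_finish can run before collect_pstree has allocated the array, since that ordering is the whole reason for the check.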
> _______________________________________________
> CRIU mailing list
> CRIU at openvz.org
> https://lists.openvz.org/mailman/listinfo/criu
>
Cyrill