Commit c3545579 authored by Josh Durgin's avatar Josh Durgin Committed by Sage Weil
Browse files

rbd: fix null dereference in dout



The order parameter is sometimes NULL in _rbd_dev_v2_snap_size(), but
the dout() always derefences it. Move this to another dout() protected
by a check that order is non-NULL.

Signed-off-by: default avatarJosh Durgin <josh.durgin@inktank.com>
Reviewed-by: default avatarSage Weil <sage@inktank.com>
Reviewed-by: default avatarAlex Elder <alex.elder@linaro.org>
parent 03507db6
Loading
Loading
Loading
Loading
+5 −3
Original line number Original line Diff line number Diff line
@@ -3702,12 +3702,14 @@ static int _rbd_dev_v2_snap_size(struct rbd_device *rbd_dev, u64 snap_id,
	if (ret < sizeof (size_buf))
	if (ret < sizeof (size_buf))
		return -ERANGE;
		return -ERANGE;


	if (order)
	if (order) {
		*order = size_buf.order;
		*order = size_buf.order;
		dout("  order %u", (unsigned int)*order);
	}
	*snap_size = le64_to_cpu(size_buf.size);
	*snap_size = le64_to_cpu(size_buf.size);


	dout("  snap_id 0x%016llx order = %u, snap_size = %llu\n",
	dout("  snap_id 0x%016llx snap_size = %llu\n",
		(unsigned long long)snap_id, (unsigned int)*order,
		(unsigned long long)snap_id,
		(unsigned long long)*snap_size);
		(unsigned long long)*snap_size);


	return 0;
	return 0;