Avoid crash on NULL pointer in lock driver impls during hotplug

When virLockDriverAcquire is invoked during hotplug the state parameter will be left as NULL. * src/locking/lock_driver_nop.c, src/locking/lock_driver_sanlock.c: Don't reference NULL state parameter

Avoid crash on NULL pointer in lock driver impls during hotplug
When virLockDriverAcquire is invoked during hotplug the state parameter will be left as NULL. * src/locking/lock_driver_nop.c, src/locking/lock_driver_sanlock.c: Don't reference NULL state parameter
eb661ce3 · Daniel P. Berrange · 09240ef1 · eb661ce3 · eb661ce3
隐藏空白更改
内联并排

Showing with 22 addition and 14 deletion

src/locking/lock_driver_nop.c src/locking/lock_driver_nop.c +4 -3

src/locking/lock_driver_sanlock.c src/locking/lock_driver_sanlock.c +18 -11

未找到文件。
--- a/src/locking/lock_driver_nop.c
+++ b/src/locking/lock_driver_nop.c
@@ -76,7 +76,8 @@ static int virLockManagerNopRelease(virLockManagerPtr lock ATTRIBUTE_UNUSED,
                                    char **state,
                                    unsigned int flags ATTRIBUTE_UNUSED)
 {
-    *state = NULL;
+    if (state)
+        *state = NULL;

    return 0;
 }
@@ -85,8 +86,8 @@ static int virLockManagerNopInquire(virLockManagerPtr lock ATTRIBUTE_UNUSED,
                                    char **state,
                                    unsigned int flags ATTRIBUTE_UNUSED)
 {
-
-    *state = NULL;
+    if (state)
+        *state = NULL;

    return 0;
 }

--- a/src/locking/lock_driver_sanlock.c
+++ b/src/locking/lock_driver_sanlock.c
@@ -374,18 +374,20 @@ static int virLockManagerSanlockRelease(virLockManagerPtr lock,

    virCheckFlags(0, -1);

-    if ((rv = sanlock_inquire(-1, priv->vm_pid, 0, &res_count, state)) < 0) {
-        if (rv <= -200)
-            virLockError(VIR_ERR_INTERNAL_ERROR,
-                         _("Failed to inquire lock: error %d"), rv);
-        else
-            virReportSystemError(-rv, "%s",
-                                 _("Failed to inquire lock"));
-        return -1;
-    }
+    if (state) {
+        if ((rv = sanlock_inquire(-1, priv->vm_pid, 0, &res_count, state)) < 0) {
+            if (rv <= -200)
+                virLockError(VIR_ERR_INTERNAL_ERROR,
+                             _("Failed to inquire lock: error %d"), rv);
+            else
+                virReportSystemError(-rv, "%s",
+                                     _("Failed to inquire lock"));
+            return -1;
+        }

-    if (STREQ(*state, ""))
-        VIR_FREE(*state);
+        if (STREQ(*state, ""))
+            VIR_FREE(*state);
+    }

    if ((rv = sanlock_release(-1, priv->vm_pid, SANLK_REL_ALL, 0, NULL)) < 0) {
        if (rv <= -200)
@@ -409,6 +411,11 @@ static int virLockManagerSanlockInquire(virLockManagerPtr lock,

    virCheckFlags(0, -1);

+    if (!state) {
+        virLockError(VIR_ERR_INVALID_ARG, "state");
+        return -1;
+    }
+
    VIR_DEBUG("pid=%d", priv->vm_pid);

    if ((rv = sanlock_inquire(-1, priv->vm_pid, 0, &res_count, state)) < 0) {