[PATCH 04/23] Fix null dereference in socket_recv_thread()
Valerie Aurora
val at versity.com
Fri Apr 4 11:45:20 PDT 2025
From: Chris Kirby <ckirby at versity.com>
In socket_recv_thread(), don't try to iov_append() a NULL buffer.
Compiler optimizations hide this bug for some versions of gcc.
Signed-off-by: Chris Kirby <ckirby at versity.com>
---
shared/mtr-socket.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/shared/mtr-socket.c b/shared/mtr-socket.c
index 3794c0f..db8221a 100644
--- a/shared/mtr-socket.c
+++ b/shared/mtr-socket.c
@@ -212,7 +212,9 @@ static void socket_recv_thread(struct thread *thr, void *arg)
}
iovcnt = iov_append(iov, 0, page_address(ctl_page), mdesc.ctl_size);
- iovcnt = iov_append(iov, iovcnt, page_address(mdesc.data_page), mdesc.data_size);
+
+ if (mdesc.data_size)
+ iovcnt = iov_append(iov, iovcnt, page_address(mdesc.data_page), mdesc.data_size);
ret = whole_iovec(readv, pinf->fd, iov, iovcnt);
if (ret < 0)
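Review bot: The new guard "if (mdesc.data_size)" tests the length, while the commit message describes the problem as a NULL buffer and the value actually handed to page_address() is mdesc.data_page. The fix is therefore only complete if data_page is always non-NULL whenever data_size is non-zero, and nothing in the visible lines establishes that. Consider testing mdesc.data_page as well (or instead), or adding a short comment naming where that invariant is enforced. Since the message says compiler optimizations hide the bug for some gcc versions, it would also help to state which call faults on the NULL page, so the guard can be checked against the real failure rather than against a build that happens to mask it.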
--
2.48.1