[PATCH 1/1] Fix null dereference in socket_recv_thread()
Chris Kirby
ckirby at versity.com
Fri Mar 21 06:25:58 PDT 2025
In socket_recv_thread(), don't try to iov_append() a NULL buffer.
Compiler optimizations hide this bug for some versions of gcc.
Signed-off-by: Chris Kirby <ckirby at versity.com>
---
shared/mtr-socket.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/shared/mtr-socket.c b/shared/mtr-socket.c
index 3794c0f..db8221a 100644
--- a/shared/mtr-socket.c
+++ b/shared/mtr-socket.c
@@ -212,7 +212,9 @@ static void socket_recv_thread(struct thread *thr, void *arg)
}
iovcnt = iov_append(iov, 0, page_address(ctl_page), mdesc.ctl_size);
- iovcnt = iov_append(iov, iovcnt, page_address(mdesc.data_page), mdesc.data_size);
+
+ if (mdesc.data_size)
+ iovcnt = iov_append(iov, iovcnt, page_address(mdesc.data_page), mdesc.data_size);
ret = whole_iovec(readv, pinf->fd, iov, iovcnt);
if (ret < 0)
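Review bot: the new guard `if (mdesc.data_size)` tests the length, while the commit message describes the fault as a NULL buffer reaching iov_append(), which here is `page_address(mdesc.data_page)`. The fix is only complete if a NULL data_page always comes with a data_size of zero, and nothing in this hunk shows that invariant. Since mdesc is filled from what the socket delivers, consider either testing the page as well, for example `if (mdesc.data_size && mdesc.data_page)`, or adding a short comment above the check stating where the pairing of data_page and data_size is guaranteed. The commit message would also be clearer if it said which expression performs the dereference, so the note that some gcc versions hide the bug can be checked against it.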
--
2.39.5 (Apple Git-154)