The io_buffer_get_list() function may return NULL, which may cause a NULL pointer dereference, and other call sites of io_buffer_get_list() all do a NULL check. Add a NULL check for the return value of io_buffer_get_list().

Found by our static analysis tool.

Signed-off-by: Chenyuan Mi <cymi20@xxxxxxxxxxxx>
--- io_uring/kbuf.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index 2f0181521c98..d209a0a9e337 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -66,9 +66,11 @@ void io_kbuf_recycle_legacy(struct io_kiocb *req, unsigned issue_flags) buf = req->kbuf; bl = io_buffer_get_list(ctx, buf->bgid); - list_add(&buf->list, &bl->buf_list); - req->flags &= ~REQ_F_BUFFER_SELECTED; - req->buf_index = buf->bgid; + if (likely(bl)) { + list_add(&buf->list, &bl->buf_list); + req->flags &= ~REQ_F_BUFFER_SELECTED; + req->buf_index = buf->bgid; + } io_ring_submit_unlock(ctx, issue_flags); return; -- 2.17.1
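
Review bot: In the new `if (likely(bl))` block of io_kbuf_recycle_legacy(), the NULL case has no else branch, so when bl is NULL the request keeps REQ_F_BUFFER_SELECTED set, req->buf_index is not updated, and buf is neither put back on a buf_list nor released, while the function still unlocks and returns as if the recycle had happened. The patch should state who owns buf on that path, and release it or hand it off there if nothing else does. If a NULL list cannot occur for a buffer that was already selected from buf->bgid, say so in the commit message and consider a warning on that path rather than a silent skip. The commit message gives only the static-analysis finding; a sentence on whether the list for buf->bgid can actually be missing at this point would let reviewers judge whether this is a reachable NULL dereference or a defensive check.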