stat_file->stat has already been dereferenced by the time the check is done. This commit moves it earlier, before the first dereference attempt.
---
 server/stat-file.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/server/stat-file.c b/server/stat-file.c
index de455b6..2e9df22 100644
--- a/server/stat-file.c
+++ b/server/stat-file.c
@@ -151,6 +151,12 @@ stat_file_add_node(RedStatFile *stat_file, StatNodeRef parent, const char *name,
 return INVALID_STAT_REF;
 }
 pthread_mutex_lock(&stat_file->lock);
+
+ if ((stat_file->stat == NULL) || (strlen(name) >= sizeof(node->name))) {
+ pthread_mutex_unlock(&stat_file->lock);
+ return INVALID_STAT_REF;
+ }
+
 ref = (parent == INVALID_STAT_REF ? stat_file->stat->root_index : stat_file->stat->nodes[parent].first_child_index);
 while (ref != INVALID_STAT_REF) {
@@ -162,7 +168,7 @@ stat_file_add_node(RedStatFile *stat_file, StatNodeRef parent, const char *name,
 return ref;
 }
 }
- if (stat_file->stat->num_of_nodes >= stat_file->max_nodes || stat_file->stat == NULL) {
+ if (stat_file->stat->num_of_nodes >= stat_file->max_nodes) {
 pthread_mutex_unlock(&stat_file->lock);
 return INVALID_STAT_REF;
 }
-- 
2.9.3
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
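Review bot: The added guard in the first hunk also tests `strlen(name) >= sizeof(node->name)`, which the commit message does not mention, and the context lines just before `pthread_mutex_lock` already close a guard that returns INVALID_STAT_REF. If that earlier guard is the name-length check (its condition lies outside the hunk), the new clause is redundant and only lengthens the locked section; I would keep the locked test to the pointer, `if (stat_file->stat == NULL) {`, or state in the commit message why the length check is repeated. Separately, `parent` is used right after the guard as an index in `stat_file->stat->nodes[parent]` and nothing visible here range-checks it; if callers can pass an arbitrary StatNodeRef, this guard is the natural place to also reject `parent != INVALID_STAT_REF && parent >= stat_file->max_nodes`. The body of stat_file_add_node starts and ends outside both hunks.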