>
> stat_file->stat has already been dereferenced by the time the check is
> done. This commit moves it earlier, before the first dereference
> attempt.
> ---
> server/stat-file.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/server/stat-file.c b/server/stat-file.c
> index de455b6..2e9df22 100644
> --- a/server/stat-file.c
> +++ b/server/stat-file.c
> @@ -151,6 +151,12 @@ stat_file_add_node(RedStatFile *stat_file, StatNodeRef
> parent, const char *name,
> return INVALID_STAT_REF;
> }
> pthread_mutex_lock(&stat_file->lock);
> +
> + if ((stat_file->stat == NULL) || (strlen(name) >= sizeof(node->name))) {
name is already checked some lines above, should be
if (stat_file->stat == NULL) {
> + pthread_mutex_unlock(&stat_file->lock);
> + return INVALID_STAT_REF;
> + }
> +
> ref = (parent == INVALID_STAT_REF ? stat_file->stat->root_index :
> stat_file->stat->nodes[parent].first_child_index);
> while (ref != INVALID_STAT_REF) {
> @@ -162,7 +168,7 @@ stat_file_add_node(RedStatFile *stat_file, StatNodeRef
> parent, const char *name,
> return ref;
> }
> }
> - if (stat_file->stat->num_of_nodes >= stat_file->max_nodes ||
> stat_file->stat == NULL) {
> + if (stat_file->stat->num_of_nodes >= stat_file->max_nodes) {
> pthread_mutex_unlock(&stat_file->lock);
> return INVALID_STAT_REF;
> }
Frediano
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel