Most lo_do_lookup() have already checked that the parent inode exists.
lo_lookup() hasn't and can therefore hit a NULL pointer dereference when
lo_inode(req, parent) returns NULL.
Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com>
---
contrib/virtiofsd/passthrough_ll.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/contrib/virtiofsd/passthrough_ll.c
b/contrib/virtiofsd/passthrough_ll.c
index 9ae1381618..277a17fc03 100644
--- a/contrib/virtiofsd/passthrough_ll.c
+++ b/contrib/virtiofsd/passthrough_ll.c
@@ -766,6 +766,10 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent,
const char *name,
struct lo_data *lo = lo_data(req);
struct lo_inode *inode, *dir = lo_inode(req, parent);
+ if (!dir) {
+ return EBADF;
+ }
+
memset(e, 0, sizeof(*e));
e->attr_timeout = lo->timeout;
e->entry_timeout = lo->timeout;
--
2.21.0
