From: Haotian Li <[email protected]> In main func, func lo_map_reserve is called without NULL check. If reallocing new_elems fails in func lo_map_grow, the func lo_map_reserve may return NULL. We should check whether lo_map_reserve returns NULL before using it.
Signed-off-by: Haotian Li <[email protected]> Signed-off-by: Zhiqiang Liu <[email protected]> Message-Id: <[email protected]> Reviewed-by: Dr. David Alan Gilbert <[email protected]> Signed-off-by: Dr. David Alan Gilbert <[email protected]> --- tools/virtiofsd/passthrough_ll.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c index 6c64b03f1a..9545a0d174 100644 --- a/tools/virtiofsd/passthrough_ll.c +++ b/tools/virtiofsd/passthrough_ll.c @@ -3425,6 +3425,7 @@ int main(int argc, char *argv[]) .proc_self_fd = -1, }; struct lo_map_elem *root_elem; + struct lo_map_elem *reserve_elem; int ret = -1; /* Don't mask creation mode, kernel already did that */ @@ -3444,8 +3445,17 @@ int main(int argc, char *argv[]) * [1] Root inode */ lo_map_init(&lo.ino_map); - lo_map_reserve(&lo.ino_map, 0)->in_use = false; + reserve_elem = lo_map_reserve(&lo.ino_map, 0); + if (!reserve_elem) { + fuse_log(FUSE_LOG_ERR, "failed to alloc reserve_elem.\n"); + goto err_out1; + } + reserve_elem->in_use = false; root_elem = lo_map_reserve(&lo.ino_map, lo.root.fuse_ino); + if (!root_elem) { + fuse_log(FUSE_LOG_ERR, "failed to alloc root_elem.\n"); + goto err_out1; + } root_elem->inode = &lo.root; lo_map_init(&lo.dirp_map); -- 2.28.0
