tmem: Prevent NULL dereference on error case

If the client / pool IDs given to tmemc_save_get_next_page are invalid,
the calculation of pagesize will dereference NULL.

Fix this by moving the calculation below the appropriate NULL check.

Signed-off-by: Matthew Daley <mattjd@gmail.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

diff --git a/xen/common/tmem.c b/xen/common/tmem.c
index 128053731d535764f1b03687f1079780d05021a2..44e27721a2d41899cb4b933d3140685ac5ed1ab2 100644 (file)
--- a/xen/common/tmem.c
+++ b/xen/common/tmem.c
@@ -2436,10 +2436,12 @@ static NOINLINE int tmemc_save_get_next_page(int cli_id, uint32_t pool_id,
     OID oid;
     int ret = 0;
     struct tmem_handle h;
-    unsigned int pagesize = 1 << (pool->pageshift+12);
+    unsigned int pagesize;
 
     if ( pool == NULL || is_ephemeral(pool) )
         return -1;
+
+    pagesize = 1 << (pool->pageshift + 12);
     if ( bufsize < pagesize + sizeof(struct tmem_handle) )
         return -ENOMEM;