From: Matthew Daley Date: Mon, 12 Nov 2012 08:34:57 +0000 (+0100) Subject: tmem: Prevent NULL dereference on error case X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~7672 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/%22bookmarks://%22Dat/%22http:/www.example.com/cgi/%22https:/%22bookmarks:/%22Dat?a=commitdiff_plain;h=b85a0ab12280192fb864339543a942dbed90577c;p=xen.git tmem: Prevent NULL dereference on error case If the client / pool IDs given to tmemc_save_get_next_page are invalid, the calculation of pagesize will dereference NULL. Fix this by moving the calculation below the appropriate NULL check. Signed-off-by: Matthew Daley Committed-by: Jan Beulich --- diff --git a/xen/common/tmem.c b/xen/common/tmem.c index 128053731d..44e27721a2 100644 --- a/xen/common/tmem.c +++ b/xen/common/tmem.c @@ -2436,10 +2436,12 @@ static NOINLINE int tmemc_save_get_next_page(int cli_id, uint32_t pool_id, OID oid; int ret = 0; struct tmem_handle h; - unsigned int pagesize = 1 << (pool->pageshift+12); + unsigned int pagesize; if ( pool == NULL || is_ephemeral(pool) ) return -1; + + pagesize = 1 << (pool->pageshift + 12); if ( bufsize < pagesize + sizeof(struct tmem_handle) ) return -ENOMEM;
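Review bot: In the moved assignment `pagesize = 1 << (pool->pageshift + 12);` the literal `1` is a signed int while `pagesize` is unsigned int, so the shift is undefined once `pool->pageshift + 12` reaches 31 (with a 32-bit int), and nothing in the visible lines bounds `pool->pageshift`. Writing it as `1U << (pool->pageshift + 12)` keeps the arithmetic in the destination type. Moving the computation below the `pool == NULL || is_ephemeral(pool)` check is the right fix for the dereference itself. A smaller point in the same hunk: the invalid-pool path returns a bare `-1` while the buffer-size check just after it returns `-ENOMEM`, so a named errno on the first return would let callers tell a bad client / pool ID apart from other failures.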