Fix potential null pointer dereference on verify and requeue events
authorJens Axboe <axboe@kernel.dk>
Tue, 8 Jan 2013 20:02:14 +0000 (21:02 +0100)
committerJens Axboe <axboe@kernel.dk>
Tue, 8 Jan 2013 20:02:14 +0000 (21:02 +0100)
We clear io_u to NULL, but later we dereference io_u to check
the data direction. Do as we do in the main IO loop - store
the data direction in a local variable, and use that after
the main switch.

Signed-off-by: Jens Axboe <axboe@kernel.dk>
backend.c

index 225d8a36ec66a427a996a8f14fe48717fba67b6f..099bd9bd63170da1187983d25e50f0ba8c94b59d 100644 (file)
--- a/backend.c
+++ b/backend.c
@@ -422,6 +422,7 @@ static void do_verify(struct thread_data *td)
 
        io_u = NULL;
        while (!td->terminate) {
+               enum fio_ddir ddir;
                int ret2, full;
 
                update_tv_cache(td);
@@ -456,6 +457,8 @@ static void do_verify(struct thread_data *td)
                else
                        io_u->end_io = verify_io_u;
 
+               ddir = io_u->ddir;
+
                ret = td_io_queue(td, io_u);
                switch (ret) {
                case FIO_Q_COMPLETED:
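Review bot: The new `ddir = io_u->ddir;` has no comment explaining why the direction is copied before `td_io_queue()`. A later cleanup could switch the check back to `io_u->ddir` and bring back the NULL dereference the commit message describes. I would add `/* io_u may be set to NULL in the switch below; keep ddir for the error check */` directly above the assignment. The loop body of do_verify starts before this hunk and continues past it.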
@@ -507,7 +510,7 @@ sync_done:
                        break;
                }
 
-               if (break_on_this_error(td, io_u->ddir, &ret))
+               if (break_on_this_error(td, ddir, &ret))
                        break;
 
                /*
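Review bot: Only this one post-switch read of `io_u` is converted to the saved `ddir`. The loop body continues past the end of the hunk, so I cannot tell whether anything later in the iteration still touches `io_u` after it has been cleared. It is worth checking the remainder of the loop for further `io_u->` accesses. If none are intended, a comment such as `/* io_u must not be used past this point */` before the `break_on_this_error()` call would record that.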