From fbccf46c939c9fee9f738da31c2e22791be5eab7 Mon Sep 17 00:00:00 2001
From: Jens Axboe
Date: Tue, 8 Jan 2013 21:02:14 +0100
Subject: [PATCH] Fix potential null pointer dereference on verify and requeue events

We clear io_u to NULL, but later we derefence io_u to check the data direction. Do as we do in the main IO loop - store the data direction in a local variable, and use that after the main switch.

Signed-off-by: Jens Axboe
---
 backend.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/backend.c b/backend.c
index 225d8a36..099bd9bd 100644
--- a/backend.c
+++ b/backend.c
@@ -422,6 +422,7 @@ static void do_verify(struct thread_data *td)
 io_u = NULL;
 while (!td->terminate) {
+ enum fio_ddir ddir;
 int ret2, full;
 update_tv_cache(td);
@@ -456,6 +457,8 @@ static void do_verify(struct thread_data *td)
 else
 io_u->end_io = verify_io_u;
+ ddir = io_u->ddir;
+
 ret = td_io_queue(td, io_u);
 switch (ret) {
 case FIO_Q_COMPLETED:
@@ -507,7 +510,7 @@ sync_done:
 break;
 }
- if (break_on_this_error(td, io_u->ddir, &ret))
+ if (break_on_this_error(td, ddir, &ret))
 break;
 /*
--
2.25.1
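Review bot: The new `ddir = io_u->ddir;` before `td_io_queue()` in the second hunk has no comment saying why the direction is copied out, so a later cleanup could fold it back into `io_u->ddir` at the `break_on_this_error()` call and bring the NULL dereference back. I would put `/* io_u may be cleared to NULL while the queue result is handled; capture ddir while it is still valid */` directly above the assignment. Separately, `ddir` is declared without an initializer in the first hunk, and the code between the hunks is not visible here. The `sync_done:` label in the third hunk's header suggests a jump target inside the switch, so it is worth confirming that no path reaches the final check without passing the assignment. The body of do_verify starts and ends outside these hunks.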