From: Jens Axboe <axboe@kernel.dk>
Date: Tue, 8 Jan 2013 20:02:14 +0000 (+0100)
Subject: Fix potential null pointer dereference on verify and requeue events
X-Git-Tag: fio-2.0.13~1
X-Git-Url: https://git.kernel.dk/?p=fio.git;a=commitdiff_plain;h=fbccf46c939c9fee9f738da31c2e22791be5eab7

Fix potential null pointer dereference on verify and requeue events

We clear io_u to NULL, but later we derefence io_u to check
the data direction. Do as we do in the main IO loop - store
the data direction in a local variable, and use that after
the main switch.

Signed-off-by: Jens Axboe <axboe@kernel.dk>
---

diff --git a/backend.c b/backend.c
index 225d8a36..099bd9bd 100644
--- a/backend.c
+++ b/backend.c
@@ -422,6 +422,7 @@ static void do_verify(struct thread_data *td)
 
 	io_u = NULL;
 	while (!td->terminate) {
+		enum fio_ddir ddir;
 		int ret2, full;
 
 		update_tv_cache(td);
@@ -456,6 +457,8 @@ static void do_verify(struct thread_data *td)
 		else
 			io_u->end_io = verify_io_u;
 
+		ddir = io_u->ddir;
+
 		ret = td_io_queue(td, io_u);
 		switch (ret) {
 		case FIO_Q_COMPLETED:
@@ -507,7 +510,7 @@ sync_done:
 			break;
 		}
 
-		if (break_on_this_error(td, io_u->ddir, &ret))
+		if (break_on_this_error(td, ddir, &ret))
 			break;
 
 		/*