diff options
author | Darrell Kindred <dkindred@cs.cmu.edu> | 2006-06-29 12:45:40 -0400 |
---|---|---|
committer | Jeffrey Hutzelman <jhutz@cmu.edu> | 2012-11-24 18:13:15 -0500 |
commit | 36a666058ff94b6ec1e99265f6408d553d87bc85 (patch) | |
tree | bcfb5df2e221a4cc679d6f6e06676abb4620301e /lib | |
parent | 0658dac39b4857fb02ff082577cb2e6942f98978 (diff) |
Actually avoid ZReceiveNotice NULL pointer deref
Bug report from dkindred in libzephyr affecting amd64_fc5:
There's a bug in libzephyr (introduced in version
zephyr-064) that is causing tzc to fail on amd64_fc5:
In /afs/cs/misc/zephyr/src/zephyr-064/lib/ZRecvNot.c line
33, 'nextq' is tested without being initialized (see code
below).
I imagine the appropriate fix is to put that "if (!nextq)"
test just *after* the "nextq = Z_GetFirstComplete();" line
instead of just before.
- Darrell
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ZRecvNot.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/ZRecvNot.c b/lib/ZRecvNot.c index 59b9946..e3b14a4 100644 --- a/lib/ZRecvNot.c +++ b/lib/ZRecvNot.c @@ -28,10 +28,9 @@ ZReceiveNotice(ZNotice_t *notice, if ((retval = Z_WaitForComplete()) != ZERR_NONE) return (retval); - if (!nextq) - return (ENOMEM); - nextq = Z_GetFirstComplete(); + if (!nextq) + return (ENOMEM); len = nextq->packet_len; |