From 36a666058ff94b6ec1e99265f6408d553d87bc85 Mon Sep 17 00:00:00 2001
From: Darrell Kindred <dkindred@cs.cmu.edu>
Date: Thu, 29 Jun 2006 12:45:40 -0400
Subject: Actually avoid ZReceiveNotice NULL pointer deref

Bug report from dkindred in libzephyr affecting amd64_fc5:

There's a bug in libzephyr (introduced in version
zephyr-064) that is causing tzc to fail on amd64_fc5:

In /afs/cs/misc/zephyr/src/zephyr-064/lib/ZRecvNot.c line
33, 'nextq' is tested without being initialized (see code
below).

I imagine the appropriate fix is to put that "if (!nextq)"
test just *after* the "nextq = Z_GetFirstComplete();" line
instead of just before.

- Darrell
---
 lib/ZRecvNot.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/ZRecvNot.c b/lib/ZRecvNot.c
index 59b9946..e3b14a4 100644
--- a/lib/ZRecvNot.c
+++ b/lib/ZRecvNot.c
@@ -28,10 +28,9 @@ ZReceiveNotice(ZNotice_t *notice,
     if ((retval = Z_WaitForComplete()) != ZERR_NONE)
 	return (retval);
 
-    if (!nextq)
-	return (ENOMEM);
-
     nextq = Z_GetFirstComplete();
+    if (!nextq)
+      return (ENOMEM);
 
     len = nextq->packet_len;
     
-- 
cgit v1.2.3