aio-posix: avoid NULL pointer dereference in aio_epoll_update

aio_epoll_update dereferences parameter "node", but it could have been NULL
if deleting an fd handler that was not registered in the first place.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 20161108135524.25927-2-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This commit is contained in:
Paolo Bonzini 2016-11-08 14:55:23 +01:00 committed by Stefan Hajnoczi
parent e6af1e0854
commit 36173ec5f1

View File

@ -217,7 +217,10 @@ void aio_set_fd_handler(AioContext *ctx,
/* Are we deleting the fd handler? */
if (!io_read && !io_write) {
if (node) {
if (node == NULL) {
return;
}
g_source_remove_poll(&ctx->source, &node->pfd);
/* If the lock is held, just mark the node as deleted */
@ -232,7 +235,6 @@ void aio_set_fd_handler(AioContext *ctx,
QLIST_REMOVE(node, node);
deleted = true;
}
}
} else {
if (node == NULL) {
/* Alloc and insert if it's not already there */