From: Stefan Hajnoczi
Date: Thu, 13 Mar 2014 15:10:47 +0100
Message-Id: <1394719868-24312-4-git-send-email-stefanha@redhat.com>
In-Reply-To: <1394719868-24312-1-git-send-email-stefanha@redhat.com>
References: <1394719868-24312-1-git-send-email-stefanha@redhat.com>
Subject: [Qemu-devel] [PULL v2 for-2.0 03/24] qcow2: Check bs->drv in copy_sectors()
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Stefan Hajnoczi, Anthony Liguori, Max Reitz

From: Max Reitz

Before dereferencing bs->drv for a call to its member bdrv_co_readv(),
copy_sectors() should check whether that pointer is indeed valid, since it
may have been set to NULL by e.g. a concurrent write triggering the
corruption prevention mechanism.

Signed-off-by: Max Reitz
Signed-off-by: Stefan Hajnoczi
---
 block/qcow2-cluster.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 36c1bed..9499df9 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -380,6 +380,10 @@ static int coroutine_fn copy_sectors(BlockDriverState *bs, BLKDBG_EVENT(bs->file, BLKDBG_COW_READ); + if (!bs->drv) { + return -ENOMEDIUM; + } + /* Call .bdrv_co_readv() directly instead of using the public block-layer * interface. This avoids double I/O throttling and request tracking, * which can lead to deadlock when block layer copy-on-read is enabled. -- 1.8.5.3
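Review bot: the new `if (!bs->drv)` guard has no comment saying why a BlockDriverState that is mid-read can lose its driver; a reader of the code alone cannot tell that this is the corruption-prevention path clearing bs->drv under a concurrent write, as the commit message explains, so a one-line comment (e.g. "/* bs->drv is cleared when the image is marked corrupt */") above the check would keep that knowledge next to the code. Two things to verify outside the visible hunk: that the guard sits immediately before the direct `.bdrv_co_readv()` call named in the following comment with no coroutine yield in between, since a yield there would reopen the window the check is meant to close, and that every caller of copy_sectors() propagates the new -ENOMEDIUM return rather than treating a negative result from the COW read as a partial copy.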
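The race the commit message describes, reduced to a runnable model, as an added example that is not QEMU code: a hypothetical BlockDriverState/BlockDriver pair with a single `bdrv_co_readv` member, a `mark_corrupt()` stand-in for the corruption-prevention path that clears `bs->drv`, and the COW copy routine in its unchecked ("before") and checked ("after") shape. `simulate_race()` interleaves a copy-on-write read with a concurrent corruption event exactly as the message sketches it. All names, the 512-byte sector size and the toy image contents are assumptions of this example.

```c
/* Added example, not QEMU code: a miniature of the copy_sectors() guard.
 * Every name here is a hypothetical stand-in for the real qcow2 structures. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SECTOR_SIZE 512

typedef struct BlockDriverState BlockDriverState;

/* Driver vtable; the real BlockDriver has many more members. */
typedef struct BlockDriver {
    int (*bdrv_co_readv)(BlockDriverState *bs, int64_t sector_num,
                         int nb_sectors, uint8_t *buf);
} BlockDriver;

/* Per-image state. drv is the pointer the patch guards: it becomes NULL
 * once the image is detached from its driver (mark_corrupt() below). */
struct BlockDriverState {
    BlockDriver *drv;
    uint8_t *data;          /* backing storage of this toy image (assumed) */
    int64_t total_sectors;
};

static int toy_co_readv(BlockDriverState *bs, int64_t sector_num,
                        int nb_sectors, uint8_t *buf)
{
    if (sector_num < 0 || sector_num + nb_sectors > bs->total_sectors) {
        return -EIO;
    }
    memcpy(buf, bs->data + sector_num * SECTOR_SIZE,
           (size_t)nb_sectors * SECTOR_SIZE);
    return 0;
}

static BlockDriver toy_driver = { .bdrv_co_readv = toy_co_readv };

/* Stand-in for the corruption-prevention path named in the commit message:
 * once it fires, the image loses its driver so no further I/O reaches it. */
static void mark_corrupt(BlockDriverState *bs)
{
    bs->drv = NULL;
}

/* "Before" shape: dereferences bs->drv unconditionally. With drv == NULL
 * this is a NULL-pointer dereference, which is the bug the patch closes. */
int copy_sectors_unchecked(BlockDriverState *bs, int64_t sector_num,
                           int nb_sectors, uint8_t *buf)
{
    return bs->drv->bdrv_co_readv(bs, sector_num, nb_sectors, buf);
}

/* "After" shape: refuse with -ENOMEDIUM when the driver is gone, as the
 * patch does, and only then call through the driver directly. */
static int copy_sectors_checked(BlockDriverState *bs, int64_t sector_num,
                                int nb_sectors, uint8_t *buf)
{
    if (!bs->drv) {
        return -ENOMEDIUM;
    }
    return bs->drv->bdrv_co_readv(bs, sector_num, nb_sectors, buf);
}

/* Constructed toy image: sector n is filled with the byte value n + 1. */
static void init_toy_image(BlockDriverState *bs, uint8_t *storage,
                           int64_t sectors)
{
    for (int64_t s = 0; s < sectors; s++) {
        memset(storage + s * SECTOR_SIZE, (int)(s + 1), SECTOR_SIZE);
    }
    bs->drv = &toy_driver;
    bs->data = storage;
    bs->total_sectors = sectors;
}

/* The interleaving from the commit message: a COW read is in flight, a
 * concurrent write trips the corruption check, then the read resumes.
 * Returns what the resumed read sees; out must hold two sectors. */
static int simulate_race(uint8_t *out)
{
    static uint8_t storage[4 * SECTOR_SIZE];
    BlockDriverState bs;
    init_toy_image(&bs, storage, 4);

    /* First part of the copy completes while the driver is still attached. */
    int ret = copy_sectors_checked(&bs, 0, 1, out);
    if (ret < 0) {
        return ret;
    }

    /* Concurrent writer detects corruption and detaches the driver. */
    mark_corrupt(&bs);

    /* The resumed read must fail cleanly instead of crashing. */
    return copy_sectors_checked(&bs, 1, 1, out + SECTOR_SIZE);
}
```

The checked variant is the only one `simulate_race()` uses; calling `copy_sectors_unchecked()` at the same point would dereference NULL. Note that the guard is only as good as the absence of a yield between the check and the call through `bs->drv`: the model has none, which is the property the real coroutine code must also keep.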