Date: Fri, 29 Aug 2014 10:19:04 +0100 From: "Richard W.M. Jones" Message-ID: <20140829091904.GW1302@redhat.com> References: <1409213061-15562-1-git-send-email-rjones@redhat.com> <1409213061-15562-2-git-send-email-rjones@redhat.com> <20140829090359.GA32448@stefanha-thinkpad.redhat.com> In-Reply-To: <20140829090359.GA32448@stefanha-thinkpad.redhat.com> Subject: Re: [Qemu-devel] [PATCH v2] curl: Don't deref NULL pointer in call to aio_poll. To: Stefan Hajnoczi Cc: pbonzini@redhat.com, famz@redhat.com, qemu-devel@nongnu.org On Fri, Aug 29, 2014 at 10:03:59AM +0100, Stefan Hajnoczi wrote: > On Thu, Aug 28, 2014 at 09:04:21AM +0100, Richard W.M. Jones wrote: > > diff --git a/block/curl.c b/block/curl.c > > index d4b85d2..f59615d 100644 > > --- a/block/curl.c > > +++ b/block/curl.c 
> > @@ -352,7 +352,7 @@ static void curl_multi_timeout_do(void *arg) > > #endif > > } > > > > -static CURLState *curl_init_state(BDRVCURLState *s) > > +static CURLState *curl_init_state(BlockDriverState *bs, BDRVCURLState *s) > > { > > CURLState *state = NULL; > > int i, j; > > Why add the BDRVCURLState *s argument... > > > @@ -370,7 +370,7 @@ static CURLState *curl_init_state(BDRVCURLState *s) > > break; > > } > > if (!state) { > > - aio_poll(state->s->aio_context, true); > > + aio_poll(bdrv_get_aio_context(bs), true); > > } > > } while(!state); > > > > ...if it is not used? I may be misunderstanding this, but BDRVCURLState *s is used elsewhere in the function. However there is a potential to derive `BDRVCURLState *s = bs->opaque;' if that's what you meant? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder quickly builds VMs from scratch http://libguestfs.org/virt-builder.1.html
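Review bot: In the hunk at -352, the new curl_init_state() signature takes `bs` and `s` as two independent arguments, which lets a caller pass a BDRVCURLState that does not belong to that BlockDriverState. As the reply suggests, deriving it inside the function with `BDRVCURLState *s = bs->opaque;` and taking only `bs` would remove that possibility. Whichever form is kept, every call site of curl_init_state() has to change in the same patch, and none is visible in the quoted hunks.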
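Review bot: In the hunk at -370, inside `if (!state)`, the replacement line gives no hint why the context is fetched from `bs` rather than from `state`, so a short comment saying that `state` is NULL on this path would guard against the old `state->s->aio_context` form being reintroduced. If `state->s` refers to the same BDRVCURLState that is already passed in as `s`, then `aio_poll(s->aio_context, true);` would fix the NULL dereference without changing the function signature at all.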