Windows: buf_CleanLocked protect against NULL bp->userp

The cm_buf_t.userp field should never be NULL if the CM_BUF_DIRTY
flag is set but apparently it sometimes is.  cm_BufWrite() requires
that the userp parameter be non-NULL.  Otherwise, an assertion fails
and afsd_service.exe panics.  If bp->userp is NULL, use cm_rootUserp.
The worst that will happen is the write will fail due to an access
denied error.

Reviewed-on: http://gerrit.openafs.org/8475
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit f436fe03c80e21b6a58a6de962070841e00791ef)

Change-Id: I33f5e73509cc2c6517ae4bf4214011383a341411
Reviewed-on: http://gerrit.openafs.org/8649
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

diff --git a/src/WINNT/afsd/cm_buf.c b/src/WINNT/afsd/cm_buf.c
index 3c07f20bc80e28e161e7f6d61939ec47bf11a35f..9b0a5e5086cc870de29a48b6acc0353ee89429cf 100644 (file)
--- a/src/WINNT/afsd/cm_buf.c
+++ b/src/WINNT/afsd/cm_buf.c
@@ -765,9 +765,8 @@ afs_uint32 buf_CleanLocked(cm_scache_t *scp, cm_buf_t *bp, cm_req_t *reqp,
              * to determine if it is appropriate to fill a full chunk of data
              * when storing to the file server.
              */
-            code = (*cm_buf_opsp->Writep)(scp, &offset,
-                                          bp->dirty_length,
-                                          flags, bp->userp, reqp);
+            code = (*cm_buf_opsp->Writep)(scp, &offset, bp->dirty_length, flags,
+                                          bp->userp ? bp->userp : cm_rootUserp, reqp);
             osi_Log3(buf_logp, "buf_CleanLocked I/O on scp 0x%p buf 0x%p, done=%d", scp, bp, code);
         }
         lock_ObtainMutex(&bp->mx);