From: Garrett Wollman Date: Sat, 13 Aug 2011 22:34:47 +0000 (-0400) Subject: libafs: don't crash if afs_write() is called with zero-length uio X-Git-Tag: upstream/1.8.0_pre1^2~3379 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=5836464f454f0bb4612c665d27061956d4c745af;p=packages%2Fo%2Fopenafs.git libafs: don't crash if afs_write() is called with zero-length uio If AFS_UIO_RESID(auio) is zero in afs_write(), we could end up calling afsio_free(NULL). Guard the free. (In the alternative, perhaps we should just osi_Assert(totalLength > 0) instead?) Change-Id: Ic218f039e2034b679cb4817a543af2e8307f36f8 Found-by: clang static analyzer with the help of AFS_NONNULL Reviewed-on: http://gerrit.openafs.org/5259 Tested-by: BuildBot Reviewed-by: Derrick Brashear --- diff --git a/src/afs/VNOPS/afs_vnop_write.c b/src/afs/VNOPS/afs_vnop_write.c index 90e781151..0f6007b59 100644 --- a/src/afs/VNOPS/afs_vnop_write.c +++ b/src/afs/VNOPS/afs_vnop_write.c @@ -398,7 +398,8 @@ afs_write(struct vcache *avc, struct uio *auio, int aio, avc->vc_error = error; if (!noLock) ReleaseWriteLock(&avc->lock); - afsio_free(tuiop); + if (tuiop) + afsio_free(tuiop); #ifndef AFS_VM_RDWR_ENV /*
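Review bot: The new `if (tuiop)` guard in front of `afsio_free(tuiop)` carries no comment saying when `tuiop` can be NULL at this point. The commit message gives the reason (AFS_UIO_RESID(auio) is zero, so the free would be called with NULL), and a one-line comment next to the check stating that would keep a later cleanup from removing the guard as redundant. The message also leaves open whether to use osi_Assert(totalLength > 0) instead. It would be better to settle that before merging: an assertion that fires on a zero-length write is still a crash in the kernel module, which is what the subject line sets out to avoid, so the guard looks like the right choice if callers can legitimately pass a zero-length uio. If any other exit path in afs_write() frees `tuiop`, it needs the same check, or the NULL test could live inside afsio_free() so that every caller is covered.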