From d9445f505ad0fc5a993d954a2d6654785c140351 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Tue, 14 Jul 2009 17:49:00 -0400 Subject: [PATCH] Prevent crash on Windows when data version goes backwards Within cm_MergeStatus() cm_FindVolumeByID() was called with a NULL pointer instead of a valid cm_req_t object pointer in the case where the data version for an object received from the file server is smaller than the value already stored in the cache. This results in a NULL pointer dereference. Allocate a cm_req_t object on the stack and initialize it before calling cm_FindVolumeByID() in this case. LICENSE MIT Reviewed-on: http://gerrit.openafs.org/83 Verified-by: Jeffrey Altman Reviewed-by: Jeffrey Altman
---
 src/WINNT/afsd/cm_scache.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/WINNT/afsd/cm_scache.c b/src/WINNT/afsd/cm_scache.c
index 84eb8664e..d03052b14 100644
--- a/src/WINNT/afsd/cm_scache.c
+++ b/src/WINNT/afsd/cm_scache.c
@@ -1576,9 +1576,12 @@ void cm_MergeStatus(cm_scache_t *dscp,
 cellp = cm_FindCellByID(scp->fid.cell, 0);
 if (scp->cbServerp) {
 struct cm_volume *volp = NULL;
+ cm_req_t req;
+
+ cm_InitReq(&req);
 cm_FindVolumeByID(cellp, scp->fid.volume, userp,
- (cm_req_t *) NULL, CM_GETVOL_FLAG_CREATE, &volp);
+ &req, CM_GETVOL_FLAG_CREATE, &volp);
 osi_Log2(afsd_logp, "old data from server %x volume %s", scp->cbServerp->addr.sin_addr.s_addr, volp ? volp->namep : "(unknown)");
--
2.39.5
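Review bot: The non-NULL request is supplied only at this one `cm_FindVolumeByID()` call, and nothing in the new lines records that the callee cannot take a NULL `cm_req_t *`, so the same crash can be reintroduced here or remain at other call sites not shown in this patch. Per the commit message the branch is reached when a file server returns a data version lower than the cached one, which makes it a server-influenced client crash and worth a regression guard: add `/* cm_FindVolumeByID() requires a valid, initialized cm_req_t; never pass NULL */` above `cm_InitReq(&req);` and check the remaining callers for `(cm_req_t *) NULL`. The return code of the lookup is still discarded, so a failed lookup shows up only as `"(unknown)"` in the `osi_Log2` line; logging the code would help when triaging these stale-data events. cm_MergeStatus() starts and ends outside the hunk, so how `volp` is released afterwards is not visible here.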