check for bs->drv in bdrv_flush (Christoph Hellwig)

All the bdrv_ helpers should check for bs->drv being zero as that means
there is no backend image open.  bdrv_flush fails to perform that check
and can thus cause NULL pointer dereferences.

Found using qemu-io.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6943 c046a42c-6fe2-441c-8c8c-71466251a162

[ Backported from 6bbff9a0b495918309074ac60375be5f9dc868b3
  by Stefano Stabellini. ]

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
(cherry picked from commit dddf85563a18db9ae83d59ad567f4d77d39da821)

diff --git a/block.c b/block.c
index c3c44a9580e00adc0cec89002c37523e94f462e7..3261225f7877ed68442a8397d223b492ca8a4e55 100644 (file)
--- a/block.c
+++ b/block.c
@@ -1071,6 +1071,8 @@ const char *bdrv_get_device_name(BlockDriverState *bs)
 int bdrv_flush(BlockDriverState *bs)
 {
     int ret = 0;
+    if (!bs->drv)
+        return -EINVAL;
     if (bs->drv->bdrv_flush)
         ret = bs->drv->bdrv_flush(bs);
     if (!ret && bs->backing_hd)