From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Wed, 7 Oct 2009 14:51:55 +0000 (+0100)
Subject: check for bs->drv in bdrv_flush (Christoph Hellwig)
X-Git-Tag: xen-4.0.0-rc1~21
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=dddf85563a18db9ae83d59ad567f4d77d39da821;p=qemu-xen-4.2-testing.git

check for bs->drv in bdrv_flush (Christoph Hellwig)

All the bdrv_ helpers should check for bs->drv being zero as that means
there is no backend image open.  bdrv_flush fails to perform that check
and can thus cause NULL pointer dereferences.

Found using qemu-io.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6943 c046a42c-6fe2-441c-8c8c-71466251a162

[ Backported from 6bbff9a0b495918309074ac60375be5f9dc868b3
  by Stefano Stabellini. ]

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
---

diff --git a/block.c b/block.c
index c3c44a958..3261225f7 100644
--- a/block.c
+++ b/block.c
@@ -1071,6 +1071,8 @@ const char *bdrv_get_device_name(BlockDriverState *bs)
 int bdrv_flush(BlockDriverState *bs)
 {
     int ret = 0;
+    if (!bs->drv)
+        return -EINVAL;
     if (bs->drv->bdrv_flush)
         ret = bs->drv->bdrv_flush(bs);
     if (!ret && bs->backing_hd)