Fix a potential NULL pointer dereference in the vmbackup plugin.

In some circumtances, VmBackupAsyncCallback might dereference
gBackupState after calling VmBackupDoAbort even though the
latter function can potentially set gBackupState to NULL.  Add
a check to prevent the potential NULL pointer dereference.

diff --git a/open-vm-tools/services/plugins/vmbackup/stateMachine.c b/open-vm-tools/services/plugins/vmbackup/stateMachine.c
index 6b422869a7498f2b77aeada8aa730e5bc5c01781..5c01a7bc3da5bf508e0e3472b6ae7c9c0c7e2a51 100644 (file)
--- a/open-vm-tools/services/plugins/vmbackup/stateMachine.c
+++ b/open-vm-tools/services/plugins/vmbackup/stateMachine.c
@@ -675,6 +675,15 @@ VmBackupAsyncCallback(void *clientData)
       if (gBackupState->rpcState == VMBACKUP_RPC_STATE_ERROR) {
          g_warning("Aborting backup operation due to RPC errors.");
          VmBackupDoAbort();
+
+         /*
+          * Check gBackupState, since the abort could cause a transition to
+          * VMBACKUP_MSTATE_IDLE, in which case the VmBackupState structure
+          * would be freed and gBackupState would be NULL.
+          */
+         if (gBackupState == NULL) {
+            return FALSE;
+         }
          goto exit;
       }
    }