From: Doug Ledford <dledford@redhat.com>
Date: Wed, 29 Oct 2008 19:05:36 +0000 (-0400)
Subject: Fix NULL pointer oops
X-Git-Tag: mdadm-2.6.8~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43aaf431f66270080368d4b33378bd3dc0fa1c96;p=thirdparty%2Fmdadm.git

Fix NULL pointer oops

RAID10 is the only raid level that uses the avail char array pointer
during the enough() operation, so it was the only one that saw this.
The code in incremental assumes unconditionally that count_active will
allocate the avail char array, that it might be used by enough, and that
it will need to be freed afterward.  Once you make count_active actually
do that, then the oops goes away.

Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.de>
---

diff --git a/Incremental.c b/Incremental.c
index 0fb9afd3..9c6524f2 100644
--- a/Incremental.c
+++ b/Incremental.c
@@ -543,12 +543,18 @@ static int count_active(struct supertype *st, int mdfd, char **availp,
 		if (ok != 0)
 			continue;
 		st->ss->getinfo_super(st, &info);
+		if (!avail) {
+			avail = malloc(info.array.raid_disks);
+			if (!avail) {
+				fprintf(stderr, Name ": out of memory.\n");
+				exit(1);
+			}
+			memset(avail, 0, info.array.raid_disks);
+			*availp = avail;
+		}
+
 		if (info.disk.state & (1<<MD_DISK_SYNC))
 		{
-			if (avail == NULL) {
-				avail = malloc(info.array.raid_disks);
-				memset(avail, 0, info.array.raid_disks);
-			}
 			if (cnt == 0) {
 				cnt++;
 				max_events = info.events;