On Mon, 06/11 15:04, Jie Wang wrote: > if laio_init create linux_aio failed and return NULL, NULL pointer > dereference will occur when laio_attach_aio_context dereference > linux_aio in aio_get_linux_aio, so add assert to avoid it. > > Signed-off-by: Jie Wang <wangji...@huawei.com> > --- > util/async.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/util/async.c b/util/async.c > index 03f62787f2..7766bcd8bc 100644 > --- a/util/async.c > +++ b/util/async.c > @@ -327,6 +327,7 @@ LinuxAioState *aio_get_linux_aio(AioContext *ctx) > { > if (!ctx->linux_aio) { > ctx->linux_aio = laio_init(); > + assert(ctx->linux_aio); > laio_attach_aio_context(ctx->linux_aio, ctx); > } > return ctx->linux_aio; > --
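Review bot: The added `+ assert(ctx->linux_aio);` only converts the NULL dereference described in the commit message into a deliberate abort; it does not handle the failure of `ctx->linux_aio = laio_init();`. If `laio_init()` can return NULL, the function should skip `laio_attach_aio_context(ctx->linux_aio, ctx);` and return NULL so the caller can check the result and fall back, and the commit message should say why aborting would be acceptable if that is really the intended behaviour.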
I'm afraid this is not the correct fix. If laio_init() can fail, this function should skip laio_attach_aio_context() and return NULL, then callers should check the return value and handle the error. E.g. set s->use_linux_aio to false and fall back to posix I/O, and perhaps report the error with error_report. Or even better, call laio_init during raw_open and use error_setg(errp, ...).

assert() will simply crash the program; it is not the right way to catch errors.

Fam
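The error-propagation pattern the reply asks for, written out as an added example that is not code from the patch or from QEMU: aio_get_linux_aio() returns NULL instead of asserting, and the caller clears use_linux_aio and falls back. laio_init(), laio_attach_aio_context(), the AioContext/LinuxAioState types and the BDRVRawState struct are constructed stubs here (only the use_linux_aio field and the aio_get_linux_aio() signature come from the thread), and fake_laio_init_fails, attach_calls and raw_select_aio() are hypothetical test helpers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-ins for the QEMU types; constructed for this example. */
typedef struct LinuxAioState { int unused; } LinuxAioState;
typedef struct AioContext { LinuxAioState *linux_aio; } AioContext;

/* Test knob (hypothetical): when set, laio_init() simulates an init failure. */
static bool fake_laio_init_fails;
static int attach_calls;            /* how often the stub attach was called */
static LinuxAioState fake_state;

static LinuxAioState *laio_init(void)
{
    return fake_laio_init_fails ? NULL : &fake_state;
}

static void laio_attach_aio_context(LinuxAioState *s, AioContext *ctx)
{
    (void)s; (void)ctx;
    attach_calls++;                 /* must never run with a NULL state */
}

/* Shape of the fix suggested in the review: propagate NULL, do not assert. */
LinuxAioState *aio_get_linux_aio(AioContext *ctx)
{
    if (!ctx->linux_aio) {
        ctx->linux_aio = laio_init();
        if (!ctx->linux_aio) {
            return NULL;            /* skip attach; let the caller decide */
        }
        laio_attach_aio_context(ctx->linux_aio, ctx);
    }
    return ctx->linux_aio;
}

/* Caller side (hypothetical stand-in for the raw driver): fall back to POSIX AIO. */
typedef struct BDRVRawState { bool use_linux_aio; } BDRVRawState;

bool raw_select_aio(BDRVRawState *s, AioContext *ctx)
{
    if (s->use_linux_aio && !aio_get_linux_aio(ctx)) {
        fprintf(stderr, "Linux AIO unavailable, falling back to POSIX AIO\n");
        s->use_linux_aio = false;   /* degrade instead of crashing the VM */
    }
    return s->use_linux_aio;
}
```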