[1/3] slirp: don't crash when tcp_sockclosed() is called with a NULL tp

Commit Message

Steven Luo April 6, 2016, 12:14 a.m. UTC

Signed-off-by: Steven Luo <steven+qemu@steven676.net>
---
This prevents a crash that would be exposed by a later patch in this
series.  The removed check for non-null is clearly wrong, as it comes
after the pointer has already been dereferenced in this function.

 slirp/tcp_subr.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

Patch

diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index dbfd2c6..32ff452 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -356,6 +356,10 @@  tcp_sockclosed(struct tcpcb *tp)
 	DEBUG_CALL("tcp_sockclosed");
 	DEBUG_ARG("tp = %p", tp);
 
+	if (!tp) {
+		return;
+	}
+
 	switch (tp->t_state) {
 
 	case TCPS_CLOSED:
@@ -374,8 +378,7 @@  tcp_sockclosed(struct tcpcb *tp)
 		tp->t_state = TCPS_LAST_ACK;
 		break;
 	}
-	if (tp)
-		tcp_output(tp);
+	tcp_output(tp);
 }
 
 /*