From 790f04ddbb48c66db65d9e54756625e6c63768a9 Mon Sep 17 00:00:00 2001
From: Sebastian Huber <sebastian.huber@embedded-brains.de>
Date: Fri, 9 Mar 2012 14:13:22 +0100
Subject: PR2039: Fix NULL pointer access

In case rtems_bdbuf_read() returns an error status, the block device
buffer pointer will be set to NULL.  In RFS the chain node of the block
device buffer will be used for RFS purposes.  We must not do this after
an erroneous read.
---
 cpukit/libfs/src/rfs/rtems-rfs-buffer.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cpukit/libfs/src/rfs/rtems-rfs-buffer.c b/cpukit/libfs/src/rfs/rtems-rfs-buffer.c
index 60f9deae32..e2ec8ed3f4 100644
--- a/cpukit/libfs/src/rfs/rtems-rfs-buffer.c
+++ b/cpukit/libfs/src/rfs/rtems-rfs-buffer.c
@@ -168,8 +168,6 @@ rtems_rfs_buffer_handle_request (rtems_rfs_file_system*   fs,
   {
     rc = rtems_rfs_buffer_io_request (fs, block, read, &handle->buffer);
 
-    rtems_chain_set_off_chain (rtems_rfs_buffer_link(handle));
-
     if (rc > 0)
     {
       if (rtems_rfs_trace (RTEMS_RFS_TRACE_BUFFER_HANDLE_REQUEST))
@@ -177,6 +175,8 @@ rtems_rfs_buffer_handle_request (rtems_rfs_file_system*   fs,
                 block, read ? "read" : "get", rc, strerror (rc));
       return rc;
     }
+
+    rtems_chain_set_off_chain (rtems_rfs_buffer_link(handle));
   }
 
   /*
-- 
cgit v1.2.3