From f38caffa62c23ac04c2b88416dfe346b7ed81a9a Mon Sep 17 00:00:00 2001
From: Sebastian Huber <sebastian.huber@embedded-brains.de>
Date: Fri, 9 Mar 2012 14:13:22 +0100
Subject: PR2039: Fix NULL pointer access

In case rtems_bdbuf_read() returns an error status, the block device
buffer pointer will be set to NULL.  In RFS the chain node of the block
device buffer will be used for RFS purposes.  We must not do this after
an erroneous read.
---
 cpukit/libfs/src/rfs/rtems-rfs-buffer.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'cpukit')

diff --git a/cpukit/libfs/src/rfs/rtems-rfs-buffer.c b/cpukit/libfs/src/rfs/rtems-rfs-buffer.c
index 43fb586895..6c8ad8299b 100644
--- a/cpukit/libfs/src/rfs/rtems-rfs-buffer.c
+++ b/cpukit/libfs/src/rfs/rtems-rfs-buffer.c
@@ -166,8 +166,6 @@ rtems_rfs_buffer_handle_request (rtems_rfs_file_system*   fs,
   {
     rc = rtems_rfs_buffer_io_request (fs, block, read, &handle->buffer);
 
-    rtems_chain_set_off_chain (rtems_rfs_buffer_link(handle));
-
     if (rc > 0)
     {
       if (rtems_rfs_trace (RTEMS_RFS_TRACE_BUFFER_HANDLE_REQUEST))
@@ -175,6 +173,8 @@ rtems_rfs_buffer_handle_request (rtems_rfs_file_system*   fs,
                 block, read ? "read" : "get", rc, strerror (rc));
       return rc;
     }
+
+    rtems_chain_set_off_chain (rtems_rfs_buffer_link(handle));
   }
 
   /*
-- 
cgit v1.2.3