If there's a good reason to test for NULL "conn", then we certainly must not dereference "conn" before that point. This assumes we do want to retain the NULL test. Note that many other functions perform this same test. >From 2c7b628728efcb5a59c1e7aa1cba763f5ef0045a Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering(a)redhat.com&gt; Date: Wed, 6 Jan 2010 12:59:21 +0100 Subject: [PATCH] xend_internal: don't let invalid input provoke NULL dereference * src/xen/xend_internal.c (xenDaemonOpen_unix): Do not dereference a NULL "conn". Move first deref to follow the "conn == NULL" test. --- src/xen/xend_internal.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c index 827aac4..be033f5 100644 --- a/src/xen/xend_internal.c +++ b/src/xen/xend_internal.c @@ -748,11 +748,12 @@ int xenDaemonOpen_unix(virConnectPtr conn, const char *path) { struct sockaddr_un *addr; - xenUnifiedPrivatePtr priv = (xenUnifiedPrivatePtr) conn->privateData; + xenUnifiedPrivatePtr priv; if ((conn == NULL) || (path == NULL)) return (-1); + priv = (xenUnifiedPrivatePtr) conn->privateData; memset(&priv->addr, 0, sizeof(priv->addr)); priv->addrfamily = AF_UNIX; /*