From d9b3114b6ef8e0f4d50a8d56d750a698d85fa984 Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com>
Date: Tue, 29 Aug 2023 08:25:23 +0800
Subject: [PATCH] checkpoint: Fix segfault crash when rollback

When rolling back a checkpoint, NM will crash due to dereference a NULL
pointer of `priv->removed_devices->len`.

To fix it, we just place a NULL check before that code block.

Fixes: 1f1b71ad9f8a ('checkpoint: preserve devices that were removed and
                      readded')

Reference: https://issues.redhat.com/browse/RHEL-1526

Signed-off-by: Gris Ge <fge@redhat.com>
(cherry picked from commit 3162507d6ca381cfbe02ceba2d80ba0f3ba3e5f7)
(cherry picked from commit e5600d4c5a33749939b984184f27fbe4159a2b65)
---
 src/core/nm-checkpoint.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/src/core/nm-checkpoint.c b/src/core/nm-checkpoint.c
index 5c4d4e53d6..74adf48477 100644
--- a/src/core/nm-checkpoint.c
+++ b/src/core/nm-checkpoint.c
@@ -460,24 +460,27 @@ next_dev:
         NMDeviceState state;
 
         nm_manager_for_each_device (priv->manager, device, tmp_lst) {
-            gboolean found = FALSE;
-
             if (g_hash_table_contains(priv->devices, device))
                 continue;
 
             /* Also ignore devices that were in the checkpoint initially and
              * were moved to 'removed_devices' because they got removed from
              * the system. */
-            for (i = 0; i < priv->removed_devices->len; i++) {
-                dev_checkpoint = priv->removed_devices->pdata[i];
-                if (dev_checkpoint->dev_type == nm_device_get_device_type(device)
-                    && nm_streq0(dev_checkpoint->original_dev_name, nm_device_get_iface(device))) {
-                    found = TRUE;
-                    break;
+            if (priv->removed_devices) {
+                gboolean found = FALSE;
+
+                for (i = 0; i < priv->removed_devices->len; i++) {
+                    dev_checkpoint = priv->removed_devices->pdata[i];
+                    if (dev_checkpoint->dev_type == nm_device_get_device_type(device)
+                        && nm_streq0(dev_checkpoint->original_dev_name,
+                                     nm_device_get_iface(device))) {
+                        found = TRUE;
+                        break;
+                    }
                 }
+                if (found)
+                    continue;
             }
-            if (found)
-                continue;
 
             state = nm_device_get_state(device);
             if (state > NM_DEVICE_STATE_DISCONNECTED && state < NM_DEVICE_STATE_DEACTIVATING) {
-- 
2.41.0