From a9974da019b5942a2f38bb6a170a42645afd966a Mon Sep 17 00:00:00 2001
From: Ben Noordhuis
Date: Tue, 10 Mar 2020 11:36:47 +0100
Subject: [PATCH] zos: fix scandir() error path NULL pointer deref

Commit b5155dd2 ("zos: return on realloc failure in scandir()") introduced a bug where `nl` is dereferenced when it's NULL after reallocation fails.

PR-URL: https://github.com/libuv/libuv/pull/2734
Refs: https://github.com/libuv/libuv/pull/2693
Reviewed-By: Colin Ihrig
Reviewed-By: Richard Lau
---
 src/unix/os390-syscalls.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/unix/os390-syscalls.c b/src/unix/os390-syscalls.c
index 260d7816..4a926c76 100644
--- a/src/unix/os390-syscalls.c
+++ b/src/unix/os390-syscalls.c
@@ -43,6 +43,7 @@ int scandir(const char* maindir, struct dirent*** namelist,
 int (*compar)(const struct dirent**, const struct dirent **)) {
 struct dirent** nl;
+ struct dirent** nl_copy;
 struct dirent* dirent;
 unsigned count;
 size_t allocated;
@@ -66,11 +67,13 @@ int scandir(const char* maindir, struct dirent*** namelist,
 goto error;
 memcpy(copy, dirent, sizeof(*copy));
- nl = uv__realloc(nl, sizeof(*copy) * (count + 1));
- if (nl == NULL) {
+ nl_copy = uv__realloc(nl, sizeof(*copy) * (count + 1));
+ if (nl_copy == NULL) {
 uv__free(copy);
 goto error;
 }
+
+ nl = nl_copy;
 nl[count++] = copy;
 }
 }
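Review bot: The size passed to uv__realloc() in the second hunk is still computed from `sizeof(*copy)`, although `nl` is declared `struct dirent**` and each slot only stores a pointer (`nl[count++] = copy;`). Assuming `copy` is a `struct dirent*`, as the memcpy from `dirent` suggests, this over-allocates rather than under-allocates, so it is not a memory-safety defect. Sizing by the array's own element type would still make the allocation easier to audit: `nl_copy = uv__realloc(nl, sizeof(*nl_copy) * (count + 1));`. The `error` label and the rest of scandir() are outside the hunk, so it cannot be confirmed from here that the cleanup frees the `count` entries `nl` still holds after a failed reallocation.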