Re: [PATCH] xfs: avoid double-free in xfs_attr_node

xfs

Re: [PATCH] xfs: avoid double-free in xfs_attr_node_addname

To:	Eric Sandeen <sandeen@xxxxxxxxxx>
Subject:	Re: [PATCH] xfs: avoid double-free in xfs_attr_node_addname
From:	Mark Tinguely <tinguely@xxxxxxx>
Date:	Thu, 01 Aug 2013 09:18:47 -0500
Cc:	"'linux-xfs@xxxxxxxxxxx'" <linux-xfs@xxxxxxxxxxx>
Delivered-to:	linux-xfs@xxxxxxxxxxx
In-reply-to:	<51F9B77E.2030005@xxxxxxxxxx>
References:	<51F9B77E.2030005@xxxxxxxxxx>
User-agent:	Mozilla/5.0 (X11; FreeBSD amd64; rv:9.0) Gecko/20120122 Thunderbird/9.0

On 07/31/13 20:18, Eric Sandeen wrote:

xfs_attr_node_addname()'s error handling tests whether it
should free "state" in the out: error handling label:

out:
         if (state)
                 xfs_da_state_free(state);

but an earlier free doesn't set state to NULL afterwards; this
could lead to a double free.  Fix it by setting state to NULL
after it's freed.

This was found by Coverity.

Signed-off-by: Eric Sandeen<sandeen@xxxxxxxxxx>
---

Note: Exact same patch should hit xfsprogs - I could send another,
or maybe SGI can just apply it in both trees?

Thanks,
-Eric


Looks good. we will discuss the details at PM phone call.

Reviewed-by: Mark Tinguely <tinguely@xxxxxxx>

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [PATCH] xfs: avoid double-free in xfs_attr_node_addname, Mark Tinguely <= Re: [PATCH] xfs: avoid double-free in xfs_attr_node_addname, Ben Myers

Previous by Date:	Re: [PATCH] xfs:free bp in xlog_find_tail() error path, Mark Tinguely
Next by Date:	Re: [PATCH] xfsprogs: fix buffer leak in xlog_print_find_oldest, Mark Tinguely
Previous by Thread:	Re: [PATCH] xfs:free bp in xlog_find_tail() error path, Mark Tinguely
Next by Thread:	Re: [PATCH] xfs: avoid double-free in xfs_attr_node_addname, Ben Myers
Indexes:	[Date] [Thread] [Top] [All Lists]