* Strange "while" loop in tftp_receive since commit cf8d6bbd
@ 2015-06-21 16:47 Andrei Borzenkov
0 siblings, 0 replies; only message in thread
From: Andrei Borzenkov @ 2015-06-21 16:47 UTC (permalink / raw)
To: grub-devel
Coverity complains about double free in this function (CID 96690). This
happens here:
case TFTP_DATA:
...
while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0)
{
...
data->block++;
...
grub_netbuff_free (nb_top);
}
As far as I can tell, data->block is always incremented so condition in
while() loop can be true at most once (tftph is set outside of this
loop and so does not change). But Coverity does not know it so flags it
as double free.
In case I miss something non-obvious - what is the reason for this
loop? It had been added in cf8d6bbd but commit message does not really
explain why it was done. Code in question did not really change since
this commit, so even originally I do not understand what this change
did.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-06-21 16:48 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-06-21 16:47 Strange "while" loop in tftp_receive since commit cf8d6bbd Andrei Borzenkov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).