* [PATCH] btrfs-progs: cmd-subvolume: set subvol_path to NULL after free
@ 2020-12-07 9:07 Su Yue
2020-12-10 16:13 ` David Sterba
0 siblings, 1 reply; 2+ messages in thread
From: Su Yue @ 2020-12-07 9:07 UTC (permalink / raw)
To: linux-btrfs; +Cc: l
User reported that `btrfs subvolume show -u -- /mnt` causes double free.
Pointer subovl_path was freed in iterations but still keeps old value.
In the last iteration, error BTRFS_UTIL_ERROR_STOP_ITERATION returned,
then the double free of subvol_path happens in the out goto label.
Set subvol_path to NULL after each free() in the loop to fix the issue.
Links: https://github.com/kdave/btrfs-progs/issues/317
Signed-off-by: Su Yue <l@damenly.su>
---
cmds/subvolume.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/cmds/subvolume.c b/cmds/subvolume.c
index f153cfa9..a6771d10 100644
--- a/cmds/subvolume.c
+++ b/cmds/subvolume.c
@@ -1117,6 +1117,7 @@ static int cmd_subvol_show(const struct cmd_struct *cmd, int argc, char **argv)
break;
free(subvol_path);
+ subvol_path = NULL;
}
btrfs_util_destroy_subvolume_iterator(iter);
} else {
--
2.29.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-12-10 16:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-12-07 9:07 [PATCH] btrfs-progs: cmd-subvolume: set subvol_path to NULL after free Su Yue
2020-12-10 16:13 ` David Sterba
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox