From: Dave Jones <davej@redhat.com>
To: Linux Kernel <linux-kernel@vger.kernel.org>
Cc: ericvh@gmail.com, rminnich@lanl.gov
Subject: 9pfs double kfree
Date: Mon, 6 Mar 2006 02:04:58 -0500 [thread overview]
Message-ID: <20060306070456.GA16478@redhat.com> (raw)
Probably the first of many found with Coverity.
This is kfree'd outside of both arms of the if condition already,
so fall through and free it just once.
Second variant is double-nasty, it deref's the free'd fcall
before it tries to free it a second time.
(I wish we had a kfree variant that NULL'd the target when it was free'd)
Coverity bugs: 987, 986
Signed-off-by: Dave Jones <davej@redhat.com>
--- linux-2.6.15.noarch/fs/9p/vfs_super.c~ 2006-03-06 01:53:38.000000000 -0500
+++ linux-2.6.15.noarch/fs/9p/vfs_super.c 2006-03-06 01:54:36.000000000 -0500
@@ -156,7 +156,6 @@ static struct super_block *v9fs_get_sb(s
stat_result = v9fs_t_stat(v9ses, newfid, &fcall);
if (stat_result < 0) {
dprintk(DEBUG_ERROR, "stat error\n");
- kfree(fcall);
v9fs_t_clunk(v9ses, newfid);
} else {
/* Setup the Root Inode */
--- linux-2.6.15.noarch/fs/9p/vfs_inode.c~ 2006-03-06 01:57:05.000000000 -0500
+++ linux-2.6.15.noarch/fs/9p/vfs_inode.c 2006-03-06 01:58:05.000000000 -0500
@@ -274,7 +274,6 @@ v9fs_create(struct v9fs_session_info *v9
PRINT_FCALL_ERROR("clone error", fcall);
goto error;
}
- kfree(fcall);
err = v9fs_t_create(v9ses, fid, name, perm, mode, &fcall);
if (err < 0) {
next reply other threads:[~2006-03-06 7:05 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-06 7:04 Dave Jones [this message]
2006-03-06 7:07 ` 9pfs double kfree David S. Miller
2006-03-06 7:23 ` Al Viro
2006-03-06 7:28 ` Dave Jones
2006-03-06 7:56 ` Pekka Enberg
2006-03-06 8:00 ` Dave Jones
2006-03-06 8:16 ` Al Viro
2006-03-06 8:23 ` Pekka Enberg
2006-03-06 8:27 ` Arjan van de Ven
2006-03-06 8:40 ` Kai Makisara
2006-03-06 9:34 ` Al Viro
2006-03-06 22:07 ` Pavel Machek
2006-03-09 14:48 ` Luke-Jr
2006-03-06 7:26 ` Balbir Singh
2006-03-06 7:31 ` Dave Jones
2006-03-06 7:39 ` Balbir Singh
2006-03-07 0:37 ` Andrew Morton
2006-03-07 1:04 ` Eric Van Hensbergen
2006-03-07 2:20 ` Latchesar Ionkov
2006-03-07 1:49 ` Latchesar Ionkov
2006-03-07 12:43 ` [PATCH] v9fs: fix for access to unitialized variables or freed memory Latchesar Ionkov
2006-03-07 23:04 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060306070456.GA16478@redhat.com \
--to=davej@redhat.com \
--cc=ericvh@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rminnich@lanl.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox