From 025718f1734655c411475ea338cee1659d96763e Mon Sep 17 00:00:00 2001
From: nik-redhat
Date: Thu, 3 Sep 2020 15:42:45 +0530
Subject: [PATCH 595/610] glusterd: use after free (coverity issue)
Issue: dict_unref is called on the same dict again, in the out label of the code, which causes the use after free issue.
Fix: Set the dict to NULL after unref, to avoid use after free issue.
CID: 1430127
>Updates: #1060
>Change-Id: Ide9a5cbc5f496705c671e72b0260da6d4c06f16d
>Signed-off-by: nik-redhat
Upstream link: https://review.gluster.org/c/glusterfs/+/24946
BUG: 1997447
Change-Id: Id1e58cd6226b9329ad49bd5b75ee96a3a5ec5ab7
Signed-off-by: nik-redhat
Reviewed-on: https://code.engineering.redhat.com/gerrit/c/rhs-glusterfs/+/280067
Reviewed-by: Sunil Kumar Heggodu Gopala Acharya
---
 xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c b/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c
index 386eed2..b0fa490 100644
--- a/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c
+++ b/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c
@@ -2039,8 +2039,9 @@ glusterd_update_snaps_synctask(void *opaque)
 "Failed to remove snap %s", snap->snapname);
 goto out;
 }
- if (dict)
- dict_unref(dict);
+
+ dict_unref(dict);
+ dict = NULL;
 }
 snprintf(buf, sizeof(buf), "%s.accept_peer_data", prefix);
 ret = dict_get_int32(peer_data, buf, &val);
--
1.8.3.1
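Review bot: The new unconditional `dict_unref(dict);` drops the `if (dict)` guard the old code had, so this line now depends on `dict` always being non-NULL at this point or on `dict_unref()` tolerating NULL; neither is visible in the hunk, so it should be confirmed against the allocation earlier in the block. The `dict = NULL;` reset only prevents the second unref if the cleanup under `out:` (outside this hunk, per the commit message) checks for NULL before unreferencing, which is worth verifying too. A short why-comment would keep the reset from being removed later as a dead store, for example `/* out: unrefs dict again; clear it here to avoid a double unref / use after free */`. The enclosing function `glusterd_update_snaps_synctask` starts and ends outside the hunk.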