rpms / nvme-cli

Clone
Source Code
GIT

Blame SOURCES/nvme-ioctl-fix-double-free-in-a-loop-of-get-property-patch

c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta c9s-sig-hyperscale
  1.   b1bebddacaa11683260128877da197ad05b652b8
  2.   SOURCES
  3.   nvme-ioctl-fix-double-free-in-a-loop-of-get-property-patch
Blob History Raw
b1bebd 
commit d16e1d2784a48c9b25e58a0e821c737670c6cdc8
b1bebd 
Author: Minwoo Im <minwoo.im@samsung.com>
b1bebd 
Date:   Wed Apr 24 01:46:29 2019 +0100
b1bebd
b1bebd 
    ioctl: Fix double-free in a loop of get_property
b1bebd
b1bebd 
    As it was reported, *pbar could be double-freed in case
b1bebd 
    get_property_helper() fails in the middle of the loop.
b1bebd
b1bebd 
    This issue was reported by Ken Heitke on:
b1bebd 
      https://github.com/linux-nvme/nvme-cli/pull/471
b1bebd
b1bebd 
    Signed-off-by: Minwoo Im <minwoo.im@samsung.com>
b1bebd
b1bebd 
diff --git a/nvme-ioctl.c b/nvme-ioctl.c
b1bebd 
index 4cf7aeb..16fdc66 100644
b1bebd 
--- a/nvme-ioctl.c
b1bebd 
+++ b/nvme-ioctl.c
b1bebd 
@@ -626,8 +626,10 @@ int nvme_get_properties(int fd, void **pbar)
b1bebd 
 		err = get_property_helper(fd, offset, *pbar + offset, &advance);
b1bebd 
 		if (!err)
b1bebd 
 			ret = 0;
b1bebd 
-		else
b1bebd 
+		else {
b1bebd 
 			free(*pbar);
b1bebd 
+			break;
b1bebd 
+		}
b1bebd 
 	}
b1bebd
b1bebd 
 	return ret;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation