* [PATCH] btrfs_scan_one_dir: avoid use-after-free on error path
@ 2012-04-11 14:42 Jim Meyering
0 siblings, 0 replies; only message in thread
From: Jim Meyering @ 2012-04-11 14:42 UTC (permalink / raw)
To: linux-btrfs
If we iterate the "goto again" loop, we've called "closedir(dirp)",
yet at the top of the loop, upon malloc failure we "goto fail",
where we test dirp and if non-NULL, call closedir(dirp) again.
* utils.c (btrfs_scan_one_dir): Clear "dirp" after closedir to avoid
use-after-free upon failed fullpath = malloc(...
Signed-off-by: Jim Meyering <meyering@redhat.com>
---
Coverity reported this use-after-free.
I chose to set dirp to NULL after each closedir(dirp).
An alternative fix is to move the test for malloc failure "down"
to after the test for opendir failure.
utils.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/utils.c b/utils.c
index ee7fa1b..7c8c9d3 100644
--- a/utils.c
+++ b/utils.c
@@ -1021,6 +1021,7 @@ again:
list);
list_del(&pending->list);
closedir(dirp);
+ dirp = NULL;
goto again;
}
ret = 0;
--
1.7.10.128.g7945c
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2012-04-11 14:42 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-04-11 14:42 [PATCH] btrfs_scan_one_dir: avoid use-after-free on error path Jim Meyering
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.