]> www.infradead.org Git - users/sagi/nvme-cli.git/commitdiff
projects / users / sagi / nvme-cli.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fefedba)
ioctl: Fix double-free in a loop of get_property
authorMinwoo Im <minwoo.im@samsung.com>
Wed, 24 Apr 2019 00:46:29 +0000 (01:46 +0100)
committerMinwoo Im <minwoo.im@samsung.com>
Wed, 24 Apr 2019 00:46:29 +0000 (01:46 +0100)
As it was reported, *pbar could be double-freed in case
get_property_helper() fails in the middle of the loop.

This issue was reported by Ken Heitke on:
  https://github.com/linux-nvme/nvme-cli/pull/471

Signed-off-by: Minwoo Im <minwoo.im@samsung.com>
nvme-ioctl.c patch | blob | history

diff --git a/nvme-ioctl.c b/nvme-ioctl.c
index 4cf7aebd5c7d6b31d7f9439c4cadcac71e8b53db..16fdc664efb5b65e1766ea83fecd0a1aeadd3dbf 100644 (file)
--- a/nvme-ioctl.c
+++ b/nvme-ioctl.c
@@ -626,8 +626,10 @@ int nvme_get_properties(int fd, void **pbar)
                err = get_property_helper(fd, offset, *pbar + offset, &advance);
                if (!err)
                        ret = 0;
-               else
+               else {
                        free(*pbar);
+                       break;
+               }
        }
 
        return ret;
Unnamed repository; edit this file 'description' to name the repository.