From d16e1d2784a48c9b25e58a0e821c737670c6cdc8 Mon Sep 17 00:00:00 2001
From: Minwoo Im
Date: Wed, 24 Apr 2019 01:46:29 +0100
Subject: [PATCH] ioctl: Fix double-free in a loop of get_property

As it was reported, *pbar could be double-freed in case get_property_helper() fails in the middle of the loop. This issue was reported by Ken Heitke on: https://github.com/linux-nvme/nvme-cli/pull/471
Signed-off-by: Minwoo Im
---
 nvme-ioctl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/nvme-ioctl.c b/nvme-ioctl.c
index 4cf7aebd..16fdc664 100644
--- a/nvme-ioctl.c
+++ b/nvme-ioctl.c
@@ -626,8 +626,10 @@ int nvme_get_properties(int fd, void **pbar)
 err = get_property_helper(fd, offset, *pbar + offset, &advance);
 if (!err)
 ret = 0;
- else
+ else {
 free(*pbar);
+ break;
+ }
 }
 return ret;
-- 
2.50.1
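Review bot: The failure branch frees `*pbar` and breaks but leaves `ret` untouched, so when an earlier iteration has already set `ret = 0` the function returns success while `*pbar` still points at freed memory, and a caller that trusts the return value would read or free that buffer again. Inside the new `else { ... }` block, record the failure and clear the pointer: `ret = err;` before `free(*pbar);` and `*pbar = NULL;` after it. The declaration and initial value of `ret`, and the return convention of get_property_helper(), are outside the hunk, so the exact error value to propagate should be confirmed against them. The body of nvme_get_properties starts before the hunk.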