Hi,
ISSUE: kfree frees an array
I see that FUNCTION: tracing_splice_read_pipe (in
FILE:src/kernel/trace/trace.c) calls FUNCTION:splice_shrink_spd (in
FILE:fs/splice.c) which does kfree(spd->partial) on error path.
But the spd->partial in FUNCTION "tracing_splice_read_pipe" is an array as below
FILE: src/kernel/trace/trace.c
static ssize_t tracing_splice_read_pipe(struct file *filp,
loff_t *ppos,
struct pipe_inode_info *pipe,
size_t len,
unsigned int flags)
{
struct page *pages_def[PIPE_DEF_BUFFERS];
struct partial_page partial_def[PIPE_DEF_BUFFERS]; <----- This is an array
struct trace_iterator *iter = filp->private_data;
struct splice_pipe_desc spd = {
.pages = pages_def,
.partial = partial_def,
<---------------------------------------- Kfree'ing this pointer ??
.nr_pages = 0, /* This gets updated below. */
.nr_pages_max = PIPE_DEF_BUFFERS,
.flags = flags,
.ops = &tracing_pipe_buf_ops,
.spd_release = tracing_spd_release_pipe,
};
..
..
}
FILE:fs/splice.c
void splice_shrink_spd(struct splice_pipe_desc *spd)
{
if (spd->nr_pages_max <= PIPE_DEF_BUFFERS)
return;
kfree(spd->pages);
kfree(spd->partial); <----------------------- Freeing the array ??
}
Is this right ?
Thanks,
Pavi
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
