On Sun, Mar 7, 2021 at 2:54 PM Lars-Peter Clausen <lars@xxxxxxxxxx> wrote: > > On 3/7/21 1:36 PM, Jonathan Cameron wrote: > > On Sat, 6 Mar 2021 18:47:10 +0200 > > Alexandru Ardelean <ardeleanalex@xxxxxxxxx> wrote: > > > >> Thanks to Lars for finding this. > >> The free of the 'attached_buffers' array should be done as late as > >> possible. This change moves it to iio_buffers_put(), which looks like > >> the best place for it, since it takes place right before the IIO device > >> data is free'd. > > It feels a bit wrong to do direct freeing of stuff in a _put() call > > given that kind of implies nothing will happen without some reference > > count dropping to 0. We could think about renaming the function to > > something like > > > > iio_buffers_put_and_free_array() but is a bit long winded. > > > > Otherwise, I'm fine with this but want to let it sit on list a tiny bit > > longer before I take it as it's not totally trivial unlike the previous > > one. > > Maybe to go with naming schema of iio_device_attach_buffer() call this > function iio_device_detach_buffers(). We grab the reference in attach, > and drop it in detach. That actually sounds like it fits beautifully ( the iio_device_detach_buffers() name ). Thanks for the hint. I'll send a V2. I didn't consider more on the renaming of iio_buffers_put() because I was a bit stressed by the silliness of the use-after-free bug. Thanks Alex > > - Lars >
