faizan husain wrote:
problem was this part of code in parse_alloc_fields() function:
if (count != 3)
goto out_free;
at this point memory is not allocated for fields leading to double
free of memory once inside parse_alloc_fields() and again inside
nfs4_ace_from_string().
instead we can change the code:
if (count != 3)
return -EINVAL; /*Invalid argument*/
This look to me as more foolproof solution.
what do you say?
That looks correct. It should return EINVAL here, and there is no need to
free. But I don't see why it fixes your segfault. fields[] should be all
NULL at this point, so free_fields shouldn't do anything.
The test in free_fields() is redundant, since free(NULL) doesn't do
anything. But it could be made more foolproof by zeroing the array so you
can't get a double free:
void
free_fields(char *fields[NUMFIELDS])
{
int i;
for (i = 0; i < NUMFIELDS; i++) {
free(fields[i]);
fields[i] = NULL;
}
}
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
