If verify_set_primary_sb() completes the secondary sb scanning loop with
too few valid secondaries found (num_ok < num_sbs / 2), it will immediately
return without freeing any of the previously allocated memory (variables
sb, checked, and any items on the geo list). This was reported by
the Coverity scanner as CID 997012, 997013 and 997014.
Fix this by using the out_free_list: goto target for this error case.
Earlier, if get_sb() fails in the secondary scan loop, it goes to
the out: target which does not free any items on the geo list. Fix
this by using the out_free_list: target as well, and remove the now-unused
out: target.
Signed-off-by: Li Zhong <zhong@xxxxxxxxxxxxxxxxxx>
---
v2: as Mark pointed out, out in the for loop before also needs list to
be freed. Also remove out lable as it is not referenced any more.
v3: use a meaningful changlog from Eric, and hide the patch changlogs below "---".
repair/sb.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/repair/sb.c b/repair/sb.c
index aa550e3..d34d7a2 100644
--- a/repair/sb.c
+++ b/repair/sb.c
@@ -733,7 +733,7 @@ verify_set_primary_sb(xfs_sb_t *rsb,
if (get_sb(sb, off, size, agno) == XR_EOF) {
retval = 1;
- goto out;
+ goto out_free_list;
}
if (verify_sb(sb, 0) == XR_OK) {
@@ -756,8 +756,10 @@ verify_set_primary_sb(xfs_sb_t *rsb,
/*
* see if we have enough superblocks to bother with
*/
- if (num_ok < num_sbs / 2)
- return(XR_INSUFF_SEC_SB);
+ if (num_ok < num_sbs / 2) {
+ retval = XR_INSUFF_SEC_SB;
+ goto out_free_list;
+ }
current = get_best_geo(list);
@@ -841,7 +843,6 @@ verify_set_primary_sb(xfs_sb_t *rsb,
out_free_list:
free_geo(list);
-out:
free(sb);
free(checked);
return(retval);
--
1.8.1.4
_______________________________________________
xfs mailing list
xfs@xxxxxxxxxxx
http://oss.sgi.com/mailman/listinfo/xfs
