This bug is still around.

regards,
dan carpenter

On Wed, Feb 19, 2014 at 12:53:05PM +0300, Dan Carpenter wrote:
> Smatch complains here. I don't think I have reported this one before.
> It feels very familiar but I have grepped my outbox.
>
> fs/xfs/xfs_qm_syscalls.c:814 xfs_qm_log_quotaoff()
>     warn: 'tp' was already freed.
>
> fs/xfs/xfs_qm_syscalls.c
>    804          /*
>    805           * We have to make sure that the transaction is secure on disk before we
>    806           * return and actually stop quota accounting. So, make it synchronous.
>    807           * We don't care about quotoff's performance.
>    808           */
>    809          xfs_trans_set_sync(tp);
>    810          error = xfs_trans_commit(tp, 0);
>                         ^^^^^^^^^^^^^^^^
> This function frees tp.
>
>    811
>    812  error0:
>    813          if (error) {
>    814                  xfs_trans_cancel(tp, 0);
>                         ^^^^^^^^^^^^^^^^^
> Use after free.
>
>    815                  /*
>    816                   * No one else is modifying sb_qflags, so this is OK.
>    817                   * We still hold the quotaofflock.
>    818                   */
>
> regards,
> dan carpenter
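The control-flow shape from the report above, as an added example in user-space C (not XFS code, and not the fix applied to the kernel): a commit that consumes the transaction falls through into a shared error label that cancels it again. The `toy_*` and `quotaoff_*` names, the error values, and the earlier failure path that jumps to `error0` are assumptions made for illustration.

```c
#include <stdio.h>
/* Toy model (constructed): "release" marks a stack slot instead of calling
 * free(), so a use after release is counted rather than undefined. */
struct toy_trans { int released; };
static int uaf_hits;                 /* uses of an already released tp */

static void toy_release(struct toy_trans *tp)
{
    if (tp->released)
        uaf_hits++;                  /* the access Smatch warns about */
    tp->released = 1;
}

/* Like the commit in the report: consumes tp whether or not it fails. */
static int toy_commit(struct toy_trans *tp, int fail)
{
    toy_release(tp);
    return fail ? -5 : 0;            /* -5: constructed error value */
}

/* Reported shape: commit falls through into the shared error label. */
static int quotaoff_reported(int setup_fail, int commit_fail)
{
    struct toy_trans t = { 0 }, *tp = &t;
    int error = setup_fail ? -28 : 0;   /* assumed earlier failure path */
    if (error)
        goto error0;
    error = toy_commit(tp, commit_fail);
error0:
    if (error)
        toy_release(tp);             /* cancel: tp is gone if commit ran */
    return error;
}

/* Restructured: cancel only where commit never ran. */
static int quotaoff_restructured(int setup_fail, int commit_fail)
{
    struct toy_trans t = { 0 }, *tp = &t;
    if (setup_fail) {
        toy_release(tp);             /* cancel */
        return -28;
    }
    return toy_commit(tp, commit_fail);
}

int main(void)
{
    quotaoff_reported(0, 1);
    printf("reported: %d use(s) after release\n", uaf_hits);
}
```

Only the failed-commit path trips the counter in the reported shape; a failure before the commit reaches the same label with the transaction still live, which is why the shared label looks correct on casual reading.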