From patchwork Mon Feb 25 22:54:38 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Sandeen <sandeen@redhat.com>
X-Patchwork-Id: 2182201
Return-Path: <linux-btrfs-owner@vger.kernel.org>
X-Original-To: patchwork-linux-btrfs@patchwork.kernel.org
Delivered-To: patchwork-process-083081@patchwork2.kernel.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by patchwork2.kernel.org (Postfix) with ESMTP id 94963DFE86
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Mon, 25 Feb 2013 21:55:54 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1759816Ab3BYVzu (ORCPT
	<rfc822;patchwork-linux-btrfs@patchwork.kernel.org>);
	Mon, 25 Feb 2013 16:55:50 -0500
Received: from nat-pool-rdu.redhat.com ([66.187.233.202]:57421 "EHLO
	bp-05.lab.msp.redhat.com" rhost-flags-OK-OK-OK-FAIL)
	by vger.kernel.org with ESMTP id S1758692Ab3BYVzQ (ORCPT
	<rfc822;linux-btrfs@vger.kernel.org>);
	Mon, 25 Feb 2013 16:55:16 -0500
Received: by bp-05.lab.msp.redhat.com (Postfix, from userid 0)
	id 812B41E0A95; Mon, 25 Feb 2013 16:54:54 -0600 (CST)
From: Eric Sandeen <sandeen@redhat.com>
To: linux-btrfs@vger.kernel.org
Cc: Eric Sandeen <sandeen@redhat.com>
Subject: [PATCH 05/17] btrfs-progs: avoid double-free in __btrfs_map_block
Date: Mon, 25 Feb 2013 16:54:38 -0600
Message-Id: <1361832890-40921-6-git-send-email-sandeen@redhat.com>
X-Mailer: git-send-email 1.7.1
In-Reply-To: <1361832890-40921-1-git-send-email-sandeen@redhat.com>
References: <1361832890-40921-1-git-send-email-sandeen@redhat.com>
Sender: linux-btrfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-btrfs.vger.kernel.org>
X-Mailing-List: linux-btrfs@vger.kernel.org

__btrfs_map_block() can possibly do the goto again: loop after
having allocated & freed the "multi" pointer.  There are then
a couple error conditions where it will attempt to again kfree
the now non-NULL multi pointer.  So before retrying, reset
multi to NULL after we free it.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
---
 volumes.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/volumes.c b/volumes.c
index c8fbde3..ca1b402 100644
--- a/volumes.c
+++ b/volumes.c
@@ -1226,6 +1226,7 @@ again:
 	if (multi_ret && stripes_allocated < stripes_required) {
 		stripes_allocated = stripes_required;
 		kfree(multi);
+		multi = NULL;
 		goto again;
 	}
 	stripe_nr = offset;