Page MenuHomeFreeBSD

Fix double free in case of mount error.
ClosedPublic

Authored by fsu on Feb 27 2019, 11:37 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Jan 23, 1:44 PM
Unknown Object (File)
Wed, Jan 15, 11:33 AM
Unknown Object (File)
Wed, Jan 15, 4:44 AM
Unknown Object (File)
Dec 24 2024, 12:59 AM
Unknown Object (File)
Nov 29 2024, 10:54 PM
Unknown Object (File)
Nov 28 2024, 10:51 AM
Unknown Object (File)
Nov 10 2024, 4:39 PM
Unknown Object (File)
Oct 24 2024, 1:44 PM
Subscribers

Details

Summary

It was found, that if cg descriptors bread() will return error, the fs->e2fs_gd and fs->e2fs_contigdirs sb fields will be freed twice.
Immediately after bread() call and at the bottom of the ext2_mountfs() function.
It is not possible to free these in-memory superblocks fields immediately after bread(), because the compute_sb_data() function is used in case of ro/rw remounting.
So, choose the second place and remove free() calls immediately after bread().

Test Plan

Tested manually with problem fs image.
And some ro/rw remount manual tests had place.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

pfg added inline comments.
sys/fs/ext2fs/ext2_vfsops.c
474 ↗(On Diff #54470)

Remove "The" from here: we are talking about two things so we cannot use a singular.

This revision is now accepted and ready to land.Feb 27 2019, 2:34 PM
This revision was automatically updated to reflect the committed changes.