summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSander Vrijders <[email protected]>2017-03-25 11:28:12 +0000
committerdimitri staessens <[email protected]>2017-03-25 11:28:12 +0000
commit0a75074b15f66a60496d196c0759d33afa3c8b18 (patch)
treead1dec3d3cc797918188763381a3b91e206479b0
parent1d9061666656ba1cc5a5c72fcc564a3a45b2dd8a (diff)
parent0bbd4b30d618acd50bf2d6d09facf3e5f814e4ff (diff)
downloadouroboros-0a75074b15f66a60496d196c0759d33afa3c8b18.tar.gz
ouroboros-0a75074b15f66a60496d196c0759d33afa3c8b18.zip
Merged in sandervrijders/ouroboros/be-double-free (pull request #424)
ipcpd: normal: Avoid double free
-rw-r--r--src/ipcpd/normal/fmgr.c6
-rw-r--r--src/ipcpd/normal/frct.c1
-rw-r--r--src/ipcpd/normal/shm_pci.c2
3 files changed, 4 insertions, 5 deletions
diff --git a/src/ipcpd/normal/fmgr.c b/src/ipcpd/normal/fmgr.c
index 8cefd317..d2966d0c 100644
--- a/src/ipcpd/normal/fmgr.c
+++ b/src/ipcpd/normal/fmgr.c
@@ -489,11 +489,13 @@ int fmgr_np1_alloc(int fd,
cep_id = frct_i_create(addr, &buf, cube);
if (cep_id == INVALID_CEP_ID) {
- free(buf.data);
pthread_rwlock_unlock(&fmgr.np1_flows_lock);
+ free(buf.data);
return -1;
}
+ free(buf->data);
+
fmgr.np1_fd_to_cep_id[fd] = cep_id;
fmgr.np1_cep_id_to_fd[cep_id] = fd;
@@ -721,14 +723,12 @@ int fmgr_nm1_write_buf(struct pci * pci,
fd = pff_nhop(fmgr.pff[pci->qos_id], pci->dst_addr);
if (fd < 0) {
log_err("Could not get nhop for address %lu", pci->dst_addr);
- free(buf->data);
return -1;
}
buffer = shm_pci_ser_buf(buf, pci);
if (buffer == NULL) {
log_err("Failed to serialize buffer.");
- free(buf->data);
return -1;
}
diff --git a/src/ipcpd/normal/frct.c b/src/ipcpd/normal/frct.c
index 62cbf9f7..8bf080ce 100644
--- a/src/ipcpd/normal/frct.c
+++ b/src/ipcpd/normal/frct.c
@@ -280,6 +280,7 @@ cep_id_t frct_i_create(uint64_t address,
pthread_mutex_unlock(&frct.instances_lock);
return INVALID_CEP_ID;
}
+
id = instance->cep_id;
instance->cube = cube;
pthread_mutex_unlock(&frct.instances_lock);
diff --git a/src/ipcpd/normal/shm_pci.c b/src/ipcpd/normal/shm_pci.c
index 1170adff..001463eb 100644
--- a/src/ipcpd/normal/shm_pci.c
+++ b/src/ipcpd/normal/shm_pci.c
@@ -188,8 +188,6 @@ buffer_t * shm_pci_ser_buf(buffer_t * buf,
memcpy(buffer->data + pci_info.head_size,
buf->data, buf->len);
- free(buf->data);
-
if (pci_info.dtc.has_chk)
crc32((uint32_t *) (buffer->data +
pci_info.head_size + buf->len),