summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJiffin Tony Thottan <jthottan@gmail.com>2016-02-22 17:20:58 +0530
committerNiels de Vos <ndevos@redhat.com>2016-02-23 10:43:49 -0800
commitf3c48b4a729a56ad6e6d9b2ac0b08ce1ec0f3fc3 (patch)
tree0606498347d75d5986eca6fa31027435aa8fd3e0
parentec6eb8200e41dadc623fd2341a3c5cf8cc71dec7 (diff)
gfapi : Avoid double freeing of dict in glfs_*_*getxattr
The dict variable "xattr" is passed to glfs_getxattr_process() and glfs_listxattr_process() in glfs_*_*getxattrs(). This variable is unrefed by both functions and again in caller function which may result in segfault. So it is wrong to call dict_unref() in both glfs_*xattr_process functions. Change-Id: I227f55ebc3169f58910863c04ae536a8d789e80e BUG: 1247603 Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com> Reviewed-on: http://review.gluster.org/13483 Smoke: Gluster Build System <jenkins@build.gluster.com> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> CentOS-regression: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Niels de Vos <ndevos@redhat.com>
-rw-r--r--api/src/glfs-fops.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/api/src/glfs-fops.c b/api/src/glfs-fops.c
index cc972a41e7c..55474693731 100644
--- a/api/src/glfs-fops.c
+++ b/api/src/glfs-fops.c
@@ -3022,8 +3022,6 @@ glfs_getxattr_process (void *value, size_t size, dict_t *xattr,
memcpy (value, data->data, ret);
out:
- if (xattr)
- dict_unref (xattr);
return ret;
}
@@ -3084,6 +3082,9 @@ retry:
out:
loc_wipe (&loc);
+ if (xattr)
+ dict_unref (xattr);
+
glfs_subvol_done (fs, subvol);
__GLFS_EXIT_FS;
@@ -3164,6 +3165,8 @@ out:
fd_unref (fd);
if (glfd)
GF_REF_PUT (glfd);
+ if (xattr)
+ dict_unref (xattr);
glfs_subvol_done (glfd->fs, subvol);
@@ -3197,9 +3200,6 @@ glfs_listxattr_process (void *value, size_t size, dict_t *xattr)
}
out:
- if (xattr)
- dict_unref (xattr);
-
return ret;
}
@@ -3248,6 +3248,9 @@ retry:
out:
loc_wipe (&loc);
+ if (xattr)
+ dict_unref (xattr);
+
glfs_subvol_done (fs, subvol);
__GLFS_EXIT_FS;
@@ -3313,6 +3316,8 @@ out:
fd_unref (fd);
if (glfd)
GF_REF_PUT (glfd);
+ if (xattr)
+ dict_unref (xattr);
glfs_subvol_done (glfd->fs, subvol);