From f3c48b4a729a56ad6e6d9b2ac0b08ce1ec0f3fc3 Mon Sep 17 00:00:00 2001
From: Jiffin Tony Thottan
Date: Mon, 22 Feb 2016 17:20:58 +0530
Subject: gfapi : Avoid double freeing of dict in glfs_*_*getxattr

The dict variable "xattr" is passed to glfs_getxattr_process() and glfs_listxattr_process() in glfs_*_*getxattrs(). This variable is unrefed by both functions and again in caller function which may result in segfault. So it is wrong to call dict_unref() in both glfs_*xattr_process functions.

Change-Id: I227f55ebc3169f58910863c04ae536a8d789e80e
BUG: 1247603
Signed-off-by: Jiffin Tony Thottan
Reviewed-on: http://review.gluster.org/13483
Smoke: Gluster Build System
NetBSD-regression: NetBSD Build System
CentOS-regression: Gluster Build System
Reviewed-by: Niels de Vos
---
 api/src/glfs-fops.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

(limited to 'api')

diff --git a/api/src/glfs-fops.c b/api/src/glfs-fops.c
index cc972a41e7c..55474693731 100644
--- a/api/src/glfs-fops.c
+++ b/api/src/glfs-fops.c
@@ -3022,8 +3022,6 @@ glfs_getxattr_process (void *value, size_t size, dict_t *xattr,
 memcpy (value, data->data, ret);
 out:
- if (xattr)
- dict_unref (xattr);
 return ret;
 }
@@ -3084,6 +3082,9 @@ retry:
 out:
 loc_wipe (&loc);
+ if (xattr)
+ dict_unref (xattr);
+
 glfs_subvol_done (fs, subvol);
 __GLFS_EXIT_FS;
@@ -3164,6 +3165,8 @@ out:
 fd_unref (fd);
 if (glfd)
 GF_REF_PUT (glfd);
+ if (xattr)
+ dict_unref (xattr);
 glfs_subvol_done (glfd->fs, subvol);
@@ -3197,9 +3200,6 @@ glfs_listxattr_process (void *value, size_t size, dict_t *xattr)
 }
 out:
- if (xattr)
- dict_unref (xattr);
-
 return ret;
 }
@@ -3248,6 +3248,9 @@ retry:
 out:
 loc_wipe (&loc);
+ if (xattr)
+ dict_unref (xattr);
+
 glfs_subvol_done (fs, subvol);
 __GLFS_EXIT_FS;
@@ -3313,6 +3316,8 @@ out:
 fd_unref (fd);
 if (glfd)
 GF_REF_PUT (glfd);
+ if (xattr)
+ dict_unref (xattr);
 glfs_subvol_done (glfd->fs, subvol);
-- cgit
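Review bot: The `dict_unref (xattr)` added under `out:` in the `@@ -3084,6 +3082,9 @@` hunk now runs on every exit path, including any jump to `out` taken before the getxattr call has filled `xattr`. It is therefore only safe if the declaration, which lies outside the hunk, reads `dict_t *xattr = NULL;`. The same applies to the hunks at -3164, -3248 and -3313. Because the two `*_process` helpers no longer drop the reference, a comment above the unref such as `/* xattr is owned by this function; the *_process helper only reads it */` would record the ownership rule and make a later reintroduction of the double unref less likely.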
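Review bot: In the `@@ -3164,6 +3165,8 @@` hunk the cleanup still calls `glfs_subvol_done (glfd->fs, subvol);` after `GF_REF_PUT (glfd);`, and after an `if (glfd)` test that implies `glfd` may be NULL at this point. If that put can release the last reference, `glfd->fs` is read from freed memory, and if `glfd` is NULL it is a plain NULL dereference. Moving `glfs_subvol_done (glfd->fs, subvol);` above the `if (glfd)` put, or under the same guard, would remove both cases. The hunk at -3313 has the same ordering. Both functions start outside their hunks, so whether `glfd` can actually be NULL or hold the last reference at `out:` has to be checked against the full bodies.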