NetBSD-Bugs archive


Re: bin/54222: mount_portal(8) invalid free() after src/sbin/mount_portal/puffs_portal.c,-r1.9



The following reply was made to PR bin/54222; it has been noted by GNATS.

From: Robert Elz <kre%munnari.OZ.AU@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/54222: mount_portal(8) invalid free() after src/sbin/mount_portal/puffs_portal.c,-r1.9
Date: Thu, 23 May 2019 06:02:32 +0700

     Date:        Wed, 22 May 2019 20:15:00 +0000 (UTC)
     From:        leot@NetBSD.org
     Message-ID:  <20190522201500.7C5B37A1EE@mollari.NetBSD.org>
 
 
   | 	No idea ATM, sorry.  As a possible workaround reverting
   | 	puffs_portal.c to -r1.8 avoids that.
 
 It looks to me as if this code (the original, and the mod in 1.9)
 are half baked...
 
 In 1.9 (in a section of code prefixed by the comment /* cheat for now */
 so one might anticipate that not all is perfect) a call was added to
 portal_node_reclaim() - which had been in the source since version 1.1
 but never called before.
 
 The objective seems to be to correctly close the file descriptor
 that was opened by an earlier added call of provide() also added in 1.9.
 
 But portal_node_reclaim() also makes two calls to free() - which don't
 seem to be useful for anything added in 1.9 (nothing new was allocated)
 and, as portal_node_reclaim() was never previously called, are unlikely
 to have ever been needed.
 
 Can you try simply deleting those 2 calls to free() in portal_node_reclaim()
 (almost the last two lines in puffs_portal.c) and see if that improves
 the situation.
 
 kre
 

