Source-Changes-HG archive


[src/trunk]: src/sys/dev Don't destroy locked mutex. Don't access freed memory.



details:   https://anonhg.NetBSD.org/src/rev/58ff27c73e64
branches:  trunk
changeset: 328528:58ff27c73e64
user:      joerg <joerg%NetBSD.org@localhost>
date:      Sun Apr 06 00:56:39 2014 +0000

description:
Don't destroy locked mutex. Don't access freed memory.

diffstat:

 sys/dev/ccd.c |  8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diffs (36 lines):

diff -r 9d5448ee2bed -r 58ff27c73e64 sys/dev/ccd.c
--- a/sys/dev/ccd.c     Sun Apr 06 00:54:52 2014 +0000
+++ b/sys/dev/ccd.c     Sun Apr 06 00:56:39 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ccd.c,v 1.147 2014/02/25 18:30:09 pooka Exp $  */
+/*     $NetBSD: ccd.c,v 1.148 2014/04/06 00:56:39 joerg Exp $  */
 
 /*-
  * Copyright (c) 1996, 1997, 1998, 1999, 2007, 2009 The NetBSD Foundation, Inc.
@@ -88,7 +88,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ccd.c,v 1.147 2014/02/25 18:30:09 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ccd.c,v 1.148 2014/04/06 00:56:39 joerg Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -231,6 +231,7 @@
 static void
 ccddestroy(struct ccd_softc *sc) {
        mutex_obj_free(sc->sc_iolock);
+       mutex_exit(&sc->sc_dvlock);
        mutex_destroy(&sc->sc_dvlock);
        cv_destroy(&sc->sc_stop);
        cv_destroy(&sc->sc_push);
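Review bot: With the added `mutex_exit(&sc->sc_dvlock);`, ccddestroy() silently requires that every caller enters with sc_dvlock held, and nothing in the function states or checks that. I would put `KASSERT(mutex_owned(&sc->sc_dvlock));` as the first statement and add a one-line header comment saying the function is called with sc_dvlock held and releases it before destroying it. There is also a short window between the exit and `mutex_destroy()` in which a thread already blocked on sc_dvlock could acquire it. The callers are outside this hunk, so it is worth confirming that the softc is unreachable to other threads before this point. The function body continues past the end of the hunk.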
@@ -1271,7 +1272,8 @@
                disk_detach(&cs->sc_dkdev);
                bufq_free(cs->sc_bufq);
                ccdput(cs);
-               break;
+               /* Don't break, otherwise cs is read again. */
+               return 0;
 
        case DIOCGDINFO:
                *(struct disklabel *)data = *(cs->sc_dkdev.dk_label);
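Review bot: The new comment explains why `break` is wrong but does not name the call that invalidates `cs`, so a later edit could add a `cs` access after `ccdput(cs);` and bring the use-after-free back. Assuming, as the commit message implies, that ccdput() can free the softc, I would word it as `/* ccdput() may free cs; nothing below may touch cs or sc_dvlock, so skip the common exit path. */`. The hard-coded `return 0;` also bypasses whatever the function does after the switch. That tail is outside the hunk, so it should be checked that it only performs the sc_dvlock release and no other cleanup this path still needs. The enclosing function starts and ends outside the hunk.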


