Date: Thu, 2 Jul 1998 14:16:36 -0700 (PDT)
From: kmayer@freegate.com
To: freebsd-gnats-submit@FreeBSD.ORG
Subject: bin/7148: in libc/gen/fts.c:fts_close, free is called before pointer access
Message-ID: <199807022116.OAA10892@hub.freebsd.org>
>Number: 7148
>Category: bin
>Synopsis: in libc/gen/fts.c:fts_close, free is called before pointer access
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 2 14:20:00 PDT 1998
>Last-Modified:
>Originator: Ken Mayer
>Organization:
FreeGate Corp
>Release: 2.2.6
>Environment:
>Description:
fts_close calls free(sp), then ISSET(FTS_NOCHDIR), which is a macro that
references sp. The free needs to follow ISSET.
>How-To-Repeat:
>Fix:
Here's a patch:
diff -c fts.c.orig fts.c
*** fts.c.orig Thu Jul 2 14:11:24 1998
--- fts.c Thu Jul 2 14:15:32 1998
***************
*** 212,218 ****
FTS *sp;
{
register FTSENT *freep, *p;
! int saved_errno;
/*
* This still works if we haven't read anything -- the dummy structure
--- 212,218 ----
FTS *sp;
{
register FTSENT *freep, *p;
! int saved_errno,i;
/*
* This still works if we haven't read anything -- the dummy structure
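Review bot: in the changed declaration `int saved_errno,i;`, the new variable carries the function's return value, so `i` reads like a loop counter and the comma lacks the space used in `*freep, *p` one line above. Suggest something like `int saved_errno, rv;` so the purpose is clear at the later `return`.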
***************
*** 241,255 ****
(void)close(sp->fts_rfd);
}
- /* Free up the stream pointer. */
- free(sp);
-
/* Set errno and return. */
if (!ISSET(FTS_NOCHDIR) && saved_errno) {
errno = saved_errno;
! return (-1);
}
! return (0);
}
/*
--- 241,258 ----
(void)close(sp->fts_rfd);
}
/* Set errno and return. */
if (!ISSET(FTS_NOCHDIR) && saved_errno) {
errno = saved_errno;
! i = -1;
! } else {
! i = 0;
}
!
! /* Free up the stream pointer. */
! free(sp);
!
! return i;
}
/*
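Review bot: in the new tail of fts_close, `errno = saved_errno;` now runs before `free(sp);`, and free() is not guaranteed to leave errno untouched on every implementation, so the saved value could be overwritten before the caller sees it. Suggest evaluating `!ISSET(FTS_NOCHDIR) && saved_errno` into the result variable while sp is still valid, calling `free(sp)`, and only then assigning errno when the result is -1. The final `return i;` also departs from the parenthesized `return (0);` form in the lines being replaced.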
>Audit-Trail:
>Unformatted:
