Date: Fri, 20 May 2016 06:43:55 +0000 (UTC) From: Don Lewis <truckman@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r300275 - stable/10/usr.sbin/mptutil Message-ID: <201605200643.u4K6htf2087887@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: truckman Date: Fri May 20 06:43:55 2016 New Revision: 300275 URL: https://svnweb.freebsd.org/changeset/base/300275 Log: MFC r299592 Move a call to cam_freeccb() to avoid a use after free error and a later double free. Reported by: Coverity CID: 1018507 Modified: stable/10/usr.sbin/mptutil/mpt_cam.c Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.sbin/mptutil/mpt_cam.c ============================================================================== --- stable/10/usr.sbin/mptutil/mpt_cam.c Fri May 20 06:41:26 2016 (r300274) +++ stable/10/usr.sbin/mptutil/mpt_cam.c Fri May 20 06:43:55 2016 (r300275) @@ -260,7 +260,6 @@ fetch_scsi_capacity(struct cam_device *d cam_freeccb(ccb); return (EIO); } - cam_freeccb(ccb); /* * A last block of 2^32-1 means that the true capacity is over 2TB, @@ -269,6 +268,7 @@ fetch_scsi_capacity(struct cam_device *d */ if (scsi_4btoul(rcap.addr) != 0xffffffff) { disk->maxlba = scsi_4btoul(rcap.addr); + cam_freeccb(ccb); return (0); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605200643.u4K6htf2087887>