Date: Sun, 17 Sep 1995 23:40:19 -0700
From: Julian Elischer <julian>
To: hackers
Subject: why is this not a bug in namei?
Message-ID: <199509180640.XAA05368@freefall.freebsd.org>

    if ((cnp->cn_flags & HASBUF) == 0)
        MALLOC(cnp->cn_pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
[....]
    if (error) {
        free(cnp->cn_pnbuf, M_NAMEI);
        ndp->ni_vp = NULL;
        return (error);
[...]
    if (error) {
        FREE(cnp->cn_pnbuf, M_NAMEI);
        return (error);
[....]
(and more confusingly)
    if ((cnp->cn_flags & ISSYMLINK) == 0) {
        if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0)
            FREE(cnp->cn_pnbuf, M_NAMEI);
        else
            cnp->cn_flags |= HASBUF;
        return (0);
    }
[....]
    FREE(cnp->cn_pnbuf, M_NAMEI);
    }

if HASBUF was set, we have freed something we didn't allocate..
(whenever we get an error, by the looks of it..)

luckily I can't actually see anywhere that HASBUF is used (can anyone?)
but it looks wrong to me...

julian
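The ownership mismatch raised in the message, reduced to a userspace C model with the hardened form beside it. This is an added example, not code from the message or from FreeBSD: `HASBUF` is the flag named in the message, while `struct cn`, `PATHMAX`, `model_free`, `lookup_buggy`, `lookup_fixed` and `run_failing` are hypothetical names, and the free is instrumented to count a release of a buffer the routine did not allocate rather than actually releasing it.

```c
#include <stdio.h>
#include <stdlib.h>
#define HASBUF  0x1    /* flag name from the message; the value is constructed */
#define PATHMAX 1024   /* stand-in for MAXPATHLEN */

struct cn { unsigned flags; char *pnbuf; };  /* hypothetical cut-down componentname */
static int foreign_frees;  /* frees of a buffer the routine did not allocate */

/* Instrumented free: counts an ownership violation instead of corrupting the heap. */
static void model_free(struct cn *c, const char *owned) {
    if (c->pnbuf != owned) foreign_frees++;   /* caller's buffer: leave it alone */
    else free(c->pnbuf);
    c->pnbuf = NULL;
}

/* Shape quoted in the message: conditional allocation, unconditional error-path free. */
static int lookup_buggy(struct cn *c, int error) {
    char *owned = NULL;
    if ((c->flags & HASBUF) == 0 && (c->pnbuf = owned = malloc(PATHMAX)) == NULL)
        return -1;
    if (error) { model_free(c, owned); return error; }
    c->flags |= HASBUF;                       /* success: buffer handed to the caller */
    return 0;
}

/* Hardened form: the error path releases only what this call allocated. */
static int lookup_fixed(struct cn *c, int error) {
    char *owned = NULL;
    if ((c->flags & HASBUF) == 0 && (c->pnbuf = owned = malloc(PATHMAX)) == NULL)
        return -1;
    if (error) { if (owned) model_free(c, owned); return error; }
    c->flags |= HASBUF;
    return 0;
}

/* Run one failing lookup and report how many foreign frees it performed. */
static int run_failing(int (*fn)(struct cn *, int), unsigned flags) {
    char *caller_buf = (flags & HASBUF) ? malloc(PATHMAX) : NULL;
    struct cn c = { flags, caller_buf };
    foreign_frees = 0;
    fn(&c, 2);                 /* 2 is a constructed error code */
    free(caller_buf);          /* the caller still owns its buffer */
    return foreign_frees;
}

int main(void) {
    printf("buggy, HASBUF set: %d foreign free(s)\n", run_failing(lookup_buggy, HASBUF));
    printf("fixed, HASBUF set: %d foreign free(s)\n", run_failing(lookup_fixed, HASBUF));
    return 0;
}
```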