From owner-svn-src-head@FreeBSD.ORG Wed Jul 3 09:28:08 2013 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id DCE7FE71; Wed, 3 Jul 2013 09:28:08 +0000 (UTC) (envelope-from uqs@FreeBSD.org) Received: from acme.spoerlein.net (acme.spoerlein.net [IPv6:2a01:4f8:131:23c2::1]) by mx1.freebsd.org (Postfix) with ESMTP id 7AD49186A; Wed, 3 Jul 2013 09:28:08 +0000 (UTC) Received: from localhost (acme.spoerlein.net [IPv6:2a01:4f8:131:23c2::1]) by acme.spoerlein.net (8.14.7/8.14.7) with ESMTP id r639S7O9070292 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 3 Jul 2013 11:28:07 +0200 (CEST) (envelope-from uqs@FreeBSD.org) Date: Wed, 3 Jul 2013 11:28:07 +0200 From: Ulrich =?utf-8?B?U3DDtnJsZWlu?= To: Davide Italiano Subject: Re: svn commit: r252356 - in head: contrib/smbfs/mount_smbfs etc/defaults etc/mtree include lib lib/libprocstat rescue/rescue sbin/mount share/examples share/examples/etc share/mk sys/conf sys/kern sys... Message-ID: <20130703092807.GB2294@acme.spoerlein.net> Mail-Followup-To: Ulrich =?utf-8?B?U3DDtnJsZWlu?= , Davide Italiano , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org References: <201306282100.r5SL08kx093999@svn.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201306282100.r5SL08kx093999@svn.freebsd.org> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jul 2013 09:28:08 -0000 On Fri, 2013-06-28 at 21:00:08 +0000, Davide Italiano wrote: > Author: davide > Date: Fri Jun 28 21:00:08 2013 > New Revision: 252356 > URL: http://svnweb.freebsd.org/changeset/base/252356 > > Log: > - Trim an unused and bogus Makefile for mount_smbfs. > - Reconnect with some minor modifications, in particular now selsocket() > internals are adapted to use sbintime units after recent'ish calloutng > switch. yay, for reconnecting this to the build. Now Coverity Scan is "seeing" this code and there are dozens of double frees in the form: smb_rq_done(rqp); free(rqp, M_SMBFSDATA); But smb_rq_done() is already calling free(rqp). This seems easy to audit and fix. (sometimes the order is swapped, so it's a USE_AFTER_FREE instead) This is CIDs 1042109 -- 1042126, all in smbfs_smb.c. Thanks for looking into this Uli