Date: Mon, 18 Sep 1995 21:14:26 +1000
From: Bruce Evans <bde@zeta.org.au>
To: hackers@freefall.freebsd.org, julian@freefall.freebsd.org
Subject: Re: why is this not a bug in namei?
Message-ID: <199509181114.VAA20899@godzilla.zeta.org.au>
> if ((cnp->cn_flags & HASBUF) == 0)
>         MALLOC(cnp->cn_pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
>[....]

It has a buffer now, although HASBUF is sometimes (usually?) not set.

> if (error) {
>         free(cnp->cn_pnbuf, M_NAMEI);
>         ndp->ni_vp = NULL;
>         return (error);
>[...]
> if (error) {
>         FREE(cnp->cn_pnbuf, M_NAMEI);
>         return (error);

All the frees are OK, but it isn't obvious that returning with HASBUF set
is OK.  Apparently namei() is never called again with the same cnp after
an error, so there is no problem.  Note that foofs_abortop() doesn't
bother to clear HASBUF after freeing the buffer.

>[....]
>(and more confusingly)
> if ((cnp->cn_flags & ISSYMLINK) == 0) {
>         if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0)
>                 FREE(cnp->cn_pnbuf, M_NAMEI);
>         else
>                 cnp->cn_flags |= HASBUF;
>         return (0);
> }

This is the only non-error return.  If HASBUF was set earlier, then you
would have to worry about HASBUF being set for all the error returns (or
add a lot of code to clear it).  The (SAVESTART | SAVENAME) case is
confusing here and elsewhere.  Apparently it is not necessary to clear
HASBUF after freeing the buffer here.

>if HASBUF was set, we have freed something we didn't allocate..
>(whenever we get an error, by the looks of it..)

It seems that error handlers are required to free the buffer no matter
where it was allocated and everything is supposed to ignore HASBUF
(perhaps everything in *cnp?) after an error.  Except if SAVESTART is
set, then only the caller must free.

Bruce
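The ownership rule the message describes (namei() frees the pathname buffer on every error no matter who allocated it, HASBUF is left as it was, and a caller must therefore decide whether to free from the error code rather than from the flag) can be modelled in a few lines. The following is an added example written for this archive page; it is not code from the message or from the FreeBSD kernel. The struct, the flag values, model_namei(), the two caller styles and the live-pointer accounting are all constructed for illustration, and the SAVESTART exception mentioned at the end of the message is not modelled (SAVESTART is treated like SAVENAME).

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of the cn_pnbuf ownership convention discussed above.
 * The flag names echo FreeBSD's, but the struct, functions and accounting
 * here are made up for illustration; none of this is kernel code. */
#define HASBUF    0x01  /* pnbuf points at an allocated buffer */
#define SAVENAME  0x02  /* keep the buffer after a successful lookup */
#define SAVESTART 0x04  /* treated like SAVENAME; its error-path exception is not modelled */
#define MODEL_MAXPATHLEN 64

struct model_cn { unsigned flags; char *pnbuf; };

/* Live-pointer table: catches leaks (entries still live afterwards) and
 * double frees (freeing a pointer that is not live) without ever passing
 * a stale pointer to the C library. */
#define LIVE_MAX 4
static char *live[LIVE_MAX];
static int double_frees;

static char *model_alloc(void)
{
    char *p = malloc(MODEL_MAXPATHLEN);
    for (int i = 0; i < LIVE_MAX; i++)
        if (live[i] == NULL) return live[i] = p;
    abort();  /* table full; cannot happen in these scenarios */
}

static void model_free(char *p)
{
    for (int i = 0; i < LIVE_MAX; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_frees++;  /* not live: a double free */
}

static void model_reset(void)
{
    for (int i = 0; i < LIVE_MAX; i++) { free(live[i]); live[i] = NULL; }
    double_frees = 0;
}

/* Model of namei(): `error` simulates a lookup failure (0 = success).
 * As in the quoted code: allocate unless HASBUF, free on every error path
 * without touching HASBUF, keep the buffer on success only when SAVENAME
 * or SAVESTART asked for it, and leave the stale pointer in place. */
static int model_namei(struct model_cn *cnp, const char *path, int error)
{
    if ((cnp->flags & HASBUF) == 0)
        cnp->pnbuf = model_alloc();
    strncpy(cnp->pnbuf, path, MODEL_MAXPATHLEN - 1);
    cnp->pnbuf[MODEL_MAXPATHLEN - 1] = '\0';
    if (error) { model_free(cnp->pnbuf); return error; }
    if ((cnp->flags & (SAVENAME | SAVESTART)) == 0)
        model_free(cnp->pnbuf);
    else
        cnp->flags |= HASBUF;
    return 0;
}

/* Convention-following caller: after an error everything in *cnp is stale,
 * so it frees only on success, and only when HASBUF says a buffer survived. */
static void aware_release(struct model_cn *cnp, int error)
{
    if (error || (cnp->flags & HASBUF) == 0)
        return;
    model_free(cnp->pnbuf);
    cnp->pnbuf = NULL;
    cnp->flags &= ~HASBUF;
}

/* Caller that trusts HASBUF alone: the trap the thread is about. */
static void naive_release(struct model_cn *cnp)
{
    if (cnp->flags & HASBUF)
        model_free(cnp->pnbuf);
}

enum outcome { CLEAN = 0, LEAK = 1, DOUBLE_FREE = 2 };
enum caller_style { AWARE = 0, NAIVE = 1, FORGETFUL = 2 };

/* One lookup: `caller_supplies` hands in a caller-owned buffer (setting
 * HASBUF), `style` selects how the caller releases afterwards; the result
 * classifies the buffer accounting once the caller is done. */
static enum outcome run_scenario(unsigned flags, int caller_supplies,
                                 int error, enum caller_style style)
{
    struct model_cn cn = { flags, NULL };
    model_reset();
    if (caller_supplies) { cn.pnbuf = model_alloc(); cn.flags |= HASBUF; }
    int err = model_namei(&cn, "/tmp/example", error);  /* constructed path */
    if (style == NAIVE) naive_release(&cn);
    else if (style == AWARE) aware_release(&cn, err);
    if (double_frees)
        return DOUBLE_FREE;
    for (int i = 0; i < LIVE_MAX; i++)
        if (live[i] != NULL) return LEAK;
    return CLEAN;
}
```

run_scenario(0, 1, 5, NAIVE) is the case raised in the thread: the caller supplied the buffer, the lookup failed, namei() freed it, and a caller that looks only at HASBUF frees it again. run_scenario(0, 1, 5, AWARE) is the same lookup with a caller that follows the stated convention, and run_scenario(SAVENAME, 0, 0, FORGETFUL) shows the opposite failure, a caller that asked for the buffer to survive and then never releases it.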