From owner-svn-src-all@FreeBSD.ORG Thu Aug 4 14:18:10 2011 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2525B1065705; Thu, 4 Aug 2011 14:18:10 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id F00AE8FC0A; Thu, 4 Aug 2011 14:18:09 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p74EI9g4064611; Thu, 4 Aug 2011 14:18:09 GMT (envelope-from emaste@svn.freebsd.org) Received: (from emaste@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p74EI9ha064609; Thu, 4 Aug 2011 14:18:09 GMT (envelope-from emaste@svn.freebsd.org) Message-Id: <201108041418.p74EI9ha064609@svn.freebsd.org> From: Ed Maste Date: Thu, 4 Aug 2011 14:18:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r224650 - head/usr.bin/ar X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Aug 2011 14:18:10 -0000 Author: emaste Date: Thu Aug 4 14:18:09 2011 New Revision: 224650 URL: http://svn.freebsd.org/changeset/base/224650 Log: Don't try to free() an address returned by mmap(). This appears to be triggered by the same .o being included twice on the command line. Found by: Nima Misaghian at Sandvine Reviewed by: kientzle, kaiw Approved by: re MFC after: 1 week Modified: head/usr.bin/ar/write.c Modified: head/usr.bin/ar/write.c ============================================================================== --- head/usr.bin/ar/write.c Thu Aug 4 10:37:12 2011 (r224649) +++ head/usr.bin/ar/write.c Thu Aug 4 14:18:09 2011 (r224650) @@ -58,6 +58,7 @@ static struct ar_obj *create_obj_from_fi const char *name, time_t mtime); static void create_symtab_entry(struct bsdar *bsdar, void *maddr, size_t size); +static void free_obj(struct bsdar *bsdar, struct ar_obj *obj); static void insert_obj(struct bsdar *bsdar, struct ar_obj *obj, struct ar_obj *pos); static void read_objs(struct bsdar *bsdar, const char *archive, @@ -210,6 +211,22 @@ giveup: } /* + * Free object itself and its associated allocations. + */ +static void +free_obj(struct bsdar *bsdar, struct ar_obj *obj) +{ + if (obj->fd == -1) + free(obj->maddr); + else + if (obj->maddr != NULL && munmap(obj->maddr, obj->size)) + bsdar_warnc(bsdar, errno, + "can't munmap file: %s", obj->name); + free(obj->name); + free(obj); +} + +/* * Insert obj to the tail, or before/after the pos obj. */ static void @@ -474,11 +491,8 @@ write_archive(struct bsdar *bsdar, char *av); TAILQ_REMOVE(&bsdar->v_obj, obj, objs); - if (mode == 'd' || mode == 'r') { - free(obj->maddr); - free(obj->name); - free(obj); - } + if (mode == 'd' || mode == 'r') + free_obj(bsdar, obj); if (mode == 'm') insert_obj(bsdar, obj, pos); @@ -525,15 +539,8 @@ write_cleanup(struct bsdar *bsdar) struct ar_obj *obj, *obj_temp; TAILQ_FOREACH_SAFE(obj, &bsdar->v_obj, objs, obj_temp) { - if (obj->fd == -1) - free(obj->maddr); - else - if (obj->maddr != NULL && munmap(obj->maddr, obj->size)) - bsdar_warnc(bsdar, errno, - "can't munmap file: %s", obj->name); TAILQ_REMOVE(&bsdar->v_obj, obj, objs); - free(obj->name); - free(obj); + free_obj(bsdar, obj); } free(bsdar->as);