From 735c9cff53bbf6f2b250a719507d7909e77c48e2 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson
Date: Tue, 19 Feb 2013 17:30:14 +0000
Subject: [PATCH] libafscp: Don't free bogus ptr in ResolvPathFromVol

afscp_ResolvPathFromVol makes a copy of the path passed to it using strdup. It then iterates across that, removing initial '/' characters. However, this iteration means that 'p' no longer points to the start of the allocated memory - when we free 'p', we may actually be freeing an offset into the block, which will make malloc unhappy. Make a copy of the result from strdup, and use that to free the block. Caught by clang-analyzer
Change-Id: I0e7d8c7cf3b70baa4868c65fb4c3a32474557628
Reviewed-on: http://gerrit.openafs.org/9196
Reviewed-by: Derrick Brashear
Tested-by: BuildBot
---
 src/libafscp/afscp_dir.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/libafscp/afscp_dir.c b/src/libafscp/afscp_dir.c
index ff0538701..b3d42b1c9 100644
--- a/src/libafscp/afscp_dir.c
+++ b/src/libafscp/afscp_dir.c
@@ -743,10 +743,10 @@ struct afscp_venusfid *
 afscp_ResolvePathFromVol(const struct afscp_volume *v, const char *path)
 {
 struct afscp_venusfid *root, *ret;
- char *p;
+ char *origp, *p;

 /* so we can modify the string */
- p = strdup(path);
+ origp = p = strdup(path);
 if (p == NULL) {
 afscp_errno = ENOMEM;
 return NULL;
@@ -759,6 +759,6 @@ afscp_ResolvePathFromVol(const struct afscp_volume *v, const char *path)
 free(root);
 } else
 ret = root;
- free(p);
+ free(origp);
 return ret;
 }
-- 
2.39.5
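Review bot: The two-pointer arrangement introduced at `origp = p = strdup(path);` is not explained where it is declared; the existing comment `/* so we can modify the string */` only covers the strdup itself. I would add `/* origp keeps the address strdup() returned, for free(); p is advanced past leading '/' */` beside the declaration, because handing an advanced pointer to free() is heap corruption (CWE-761) for any path that starts with '/', and a later tidy-up could easily collapse the two variables again. The lines between this hunk and the `free(origp);` hunk are not shown, so it is worth confirming that no early return in that stretch skips the free. Separately, `strdup(path)` is reached without a NULL check on `path` in the visible lines; presumably callers guarantee a non-NULL path, but that cannot be confirmed from the hunk.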