Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 19 Feb 2018 19:08:25 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r329600 - head/sys/ufs/ffs
Message-ID:  <201802191908.w1JJ8PZ2081954@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: kib
Date: Mon Feb 19 19:08:25 2018
New Revision: 329600
URL: https://svnweb.freebsd.org/changeset/base/329600

Log:
  Do not free(9) uninitialized pointer.
  
  Reported and tested by:	allanjude
  Reviewed by:	markj
  Sponsored by:	The FreeBSD Foundation

Modified:
  head/sys/ufs/ffs/ffs_subr.c

Modified: head/sys/ufs/ffs/ffs_subr.c
==============================================================================
--- head/sys/ufs/ffs/ffs_subr.c	Mon Feb 19 19:01:46 2018	(r329599)
+++ head/sys/ufs/ffs/ffs_subr.c	Mon Feb 19 19:08:25 2018	(r329600)
@@ -174,12 +174,17 @@ ffs_sbget(void *devfd, struct fs **fsp, off_t altsuper
 
 	*fsp = NULL;
 	if (altsuperblock != -1) {
-		if ((ret = readsuper(devfd, fsp, altsuperblock, readfunc)) != 0)
+		ret = readsuper(devfd, fsp, altsuperblock, readfunc);
+		if (*fsp != NULL)
+			(*fsp)->fs_csp = NULL;
+		if (ret != 0)
 			return (ret);
 	} else {
 		for (i = 0; sblock_try[i] != -1; i++) {
-			if ((ret = readsuper(devfd, fsp, sblock_try[i],
-			     readfunc)) == 0)
+			ret = readsuper(devfd, fsp, sblock_try[i], readfunc);
+			if (*fsp != NULL)
+				(*fsp)->fs_csp = NULL;
+			if (ret == 0)
 				break;
 			if (ret == ENOENT)
 				continue;
@@ -188,17 +193,17 @@ ffs_sbget(void *devfd, struct fs **fsp, off_t altsuper
 		if (sblock_try[i] == -1)
 			return (ENOENT);
 	}
+
 	/*
-	 * If not filling in summary information, NULL out fs_csp and return.
+	 * Not filling in summary information, return.
 	 */
-	fs = *fsp;
-	if (filltype == NULL) {
-		fs->fs_csp = NULL;
+	if (filltype == NULL)
 		return (0);
-	}
+
 	/*
 	 * Read in the superblock summary information.
 	 */
+	fs = *fsp;
 	size = fs->fs_cssize;
 	blks = howmany(size, fs->fs_fsize);
 	if (fs->fs_contigsumsize > 0)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201802191908.w1JJ8PZ2081954>