Date: Mon, 18 Sep 1995 21:14:26 +1000
From: Bruce Evans
Message-Id: <199509181114.VAA20899@godzilla.zeta.org.au>
To: hackers@freefall.freebsd.org, julian@freefall.freebsd.org
Subject: Re: why is this not a bug in namei?

>	if ((cnp->cn_flags & HASBUF) == 0)
>		MALLOC(cnp->cn_pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
>[....]

It has a buffer now, although HASBUF is sometimes (usually?) not set.

>	if (error) {
>		free(cnp->cn_pnbuf, M_NAMEI);
>		ndp->ni_vp = NULL;
>		return (error);
>[...]
>	if (error) {
>		FREE(cnp->cn_pnbuf, M_NAMEI);
>		return (error);

All the frees are OK, but it isn't obvious that returning with HASBUF set
is OK. Apparently namei() is never called again with the same cnp after an
error, so there is no problem. Note that foofs_abortop() doesn't bother to
clear HASBUF after freeing the buffer.

>[....] (and more confusingly)
>	if ((cnp->cn_flags & ISSYMLINK) == 0) {
>		if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0)
>			FREE(cnp->cn_pnbuf, M_NAMEI);
>		else
>			cnp->cn_flags |= HASBUF;
>		return (0);
>	}

This is the only non-error return. If HASBUF was set earlier, then you
would have to worry about HASBUF being set for all the error returns (or
add a lot of code to clear it). The (SAVESTART | SAVENAME) case is
confusing here and elsewhere. Apparently it is not necessary to clear
HASBUF after freeing the buffer here.

>if HASBUF was set, we have freed something we didn't allocate..
>(whenever we get an error, by the looks of it..)

It seems that error handlers are required to free the buffer no matter
where it was allocated and everything is supposed to ignore HASBUF
(perhaps everything in *cnp?) after an error. Except if SAVESTART is set,
then only the caller must free.

Bruce