Date:      Mon, 18 Sep 1995 21:14:26 +1000
From:      Bruce Evans <bde@zeta.org.au>
To:        hackers@freefall.freebsd.org, julian@freefall.freebsd.org
Subject:   Re: why is this not a bug in namei?
Message-ID:  <199509181114.VAA20899@godzilla.zeta.org.au>

>        if ((cnp->cn_flags & HASBUF) == 0)
>                MALLOC(cnp->cn_pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
>[....]

It has a buffer now, although HASBUF is sometimes (usually?) not set.

>        if (error) {
>                free(cnp->cn_pnbuf, M_NAMEI);
>                ndp->ni_vp = NULL;
>                return (error);
>[...]
>                if (error) {
>                        FREE(cnp->cn_pnbuf, M_NAMEI);
>                        return (error);

All the frees are OK, but it isn't obvious that returning with HASBUF set
is OK.  Apparently namei() is never called again with the same cnp after an
error, so there is no problem.  Note that foofs_abortop() doesn't bother to
clear HASBUF after freeing the buffer.

>[....] (and more confusingly)
>                if ((cnp->cn_flags & ISSYMLINK) == 0) {
>                        if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0)
>                                FREE(cnp->cn_pnbuf, M_NAMEI);
>                        else
>                                cnp->cn_flags |= HASBUF;
>                        return (0);
>                }

This is the only non-error return.  If HASBUF was set earlier, then you would
have to worry about HASBUF being set for all the error returns (or add a lot
of code to clear it).  The (SAVESTART | SAVENAME) case is confusing here
and elsewhere.  Apparently it is not necessary to clear HASBUF after freeing
the buffer here.

>if HASBUF was set, we have freed something we didn't allocate..
>(whenever we get an error, by the looks of it..)

It seems that error handlers are required to free the buffer no matter
where it was allocated and everything is supposed to ignore HASBUF
(perhaps everything in *cnp?) after an error.  Except if SAVESTART is
set, then only the caller must free.

Bruce
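
An added example, not FreeBSD source and not part of the original message: a small user-space C model of the buffer-ownership convention discussed in this thread, in which every free also clears HASBUF and the pointer so that reusing the same structure after an error cannot touch a freed buffer. The struct, the function names `cn_release` and `lookup_model`, the buffer size and the return values are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model: flag names mirror the thread, values are arbitrary. */
#define HASBUF        0x1  /* pnbuf is valid and owned by the caller */
#define SAVENAME      0x2  /* caller wants the buffer kept on success */
#define PATHMAX_MODEL 64   /* stands in for MAXPATHLEN */

struct cn_model {
    unsigned flags;
    char *pnbuf;
};

/* Free the buffer and drop every trace of ownership, so a later
 * cleanup or a second lookup with the same struct cannot reuse it. */
static void cn_release(struct cn_model *cnp)
{
    free(cnp->pnbuf);
    cnp->pnbuf = NULL;
    cnp->flags &= ~HASBUF;
}

/* Allocate if HASBUF is clear, free on every error return, and on
 * success keep the buffer (setting HASBUF) only if SAVENAME is set. */
int lookup_model(struct cn_model *cnp, const char *path)
{
    if ((cnp->flags & HASBUF) == 0) {
        cnp->pnbuf = malloc(PATHMAX_MODEL);
        if (cnp->pnbuf == NULL)
            return -1;
    }
    if (strlen(path) >= PATHMAX_MODEL) {  /* models a too-long path error */
        cn_release(cnp);                  /* error: buffer and flag both go */
        return -2;
    }
    strcpy(cnp->pnbuf, path);
    if (cnp->flags & SAVENAME)
        cnp->flags |= HASBUF;             /* caller now owns the buffer */
    else
        cn_release(cnp);
    return 0;
}
```

If the error path freed the buffer but left HASBUF set, the next call with the same structure would skip the allocation and copy into freed memory.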


