Don't double free call structure
authorSimon Wilkinson <sxw@inf.ed.ac.uk>
Sat, 16 Jan 2010 15:35:34 +0000 (15:35 +0000)
committerDerrick Brashear <shadow|account-1000005@unknown>
Sat, 16 Jan 2010 15:49:25 +0000 (07:49 -0800)
commit806423be3c55f3de91c2b836d2088eeb0f4e4665
tree2ad2cef2c8c1e17e054b766ecfb450b32b8165c2
parent3c57a1a85a2b3299b7b38557c95ff79a77dc3252
Don't double free call structure

If the rx_Read() of the number of bytes in the FetchData64 response
fails, then it sets code, and disposes of the call structure. However,
the length safety check that was added in
c7b92a3018044f7aca4d9a77644e5c06ef64d1e9 executes regardless of whether
code is set, and the call has already been freed. So we end up calling
rx_Error with a NULL call structure, and panic.

Change-Id: Ia2e341b7a9a2ddc1d656e8b8a31698c0d1771d5e
Reviewed-on: http://gerrit.openafs.org/1112
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
src/afs/afs_fetchstore.c