git://git.openafs.org / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch (parent: 259eaa9)
libafs: don't crash if afs_write() is called with zero-length uio
authorGarrett Wollman <wollman@csail.mit.edu>
Sat, 13 Aug 2011 22:34:47 +0000 (18:34 -0400)
committerDerrick Brashear <shadow@dementix.org>
Mon, 22 Aug 2011 19:13:06 +0000 (12:13 -0700)
If AFS_UIO_RESID(auio) is zero in afs_write(), we could end up
calling afsio_free(NULL).  Guard the free.  (In the alternative,
perhaps we should just osi_Assert(totalLength > 0) instead?)

Change-Id: Ic218f039e2034b679cb4817a543af2e8307f36f8
Found-by: clang static analyzer with the help of AFS_NONNULL
Reviewed-on: http://gerrit.openafs.org/5259
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>

src/afs/VNOPS/afs_vnop_write.c patch | blob | history

diff --git a/src/afs/VNOPS/afs_vnop_write.c b/src/afs/VNOPS/afs_vnop_write.c
index 90e7811..0f6007b 100644 (file)
--- a/src/afs/VNOPS/afs_vnop_write.c
+++ b/src/afs/VNOPS/afs_vnop_write.c
@@ -398,7 +398,8 @@ afs_write(struct vcache *avc, struct uio *auio, int aio,
        avc->vc_error = error;
     if (!noLock)
        ReleaseWriteLock(&avc->lock);
-    afsio_free(tuiop);
+    if (tuiop)
+       afsio_free(tuiop);
 
 #ifndef        AFS_VM_RDWR_ENV
     /*
OpenAFS Master Repository