libafscp: Don't free bogus ptr in ResolvPathFromVol

afscp_ResolvPathFromVol makes a copy of the path passed to it using
strdup. It then iterates across that, removing initial '/' characters.
However, this iteration means that 'p' no longer points to the start
of the allocated memory - when we free 'p', we may actually be freeing
an offset into the block, which will make malloc unhappy.

Make a copy of the result from strdup, and use that to free the block.

Caught by clang-analyzer

Change-Id: I0e7d8c7cf3b70baa4868c65fb4c3a32474557628
Reviewed-on: http://gerrit.openafs.org/9196
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

diff --git a/src/libafscp/afscp_dir.c b/src/libafscp/afscp_dir.c
index ff05387..b3d42b1 100644 (file)
--- a/src/libafscp/afscp_dir.c
+++ b/src/libafscp/afscp_dir.c
@@ -743,10 +743,10 @@ struct afscp_venusfid *
 afscp_ResolvePathFromVol(const struct afscp_volume *v, const char *path)
 {
     struct afscp_venusfid *root, *ret;
-    char *p;
+    char *origp, *p;
 
     /* so we can modify the string */
-    p = strdup(path);
+    origp = p = strdup(path);
     if (p == NULL) {
        afscp_errno = ENOMEM;
        return NULL;
@@ -759,6 +759,6 @@ afscp_ResolvePathFromVol(const struct afscp_volume *v, const char *path)
        free(root);
     } else
        ret = root;
-    free(p);
+    free(origp);
     return ret;
 }