From e9acd3130374ce5d512b784310a729734e6655a5 Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Fri, 8 Sep 2017 18:45:12 +0200
Subject: Fix use-after-free in gf_rdma_do_reads

If iobref_new can't allocate a ref, we free the iobuf, and then go to the cleanup part of the function, that will run iobuf_unref a 2nd time, which trigger a warning with coverity.

Change-Id: Ie9cf7a5d5f98244a390e44e1403c614199eb650c
BUG: 789278
Signed-off-by: Michael Scherer
Reviewed-on: https://review.gluster.org/18245
Smoke: Gluster Build System
Tested-by: Raghavendra G
Reviewed-by: Raghavendra G
CentOS-regression: Gluster Build System
---
 rpc/rpc-transport/rdma/src/rdma.c | 1 +
 1 file changed, 1 insertion(+) (limited to 'rpc')
diff --git a/rpc/rpc-transport/rdma/src/rdma.c b/rpc/rpc-transport/rdma/src/rdma.c
index 26bcce4fd99..4b3b12aae5a 100644
--- a/rpc/rpc-transport/rdma/src/rdma.c
+++ b/rpc/rpc-transport/rdma/src/rdma.c
@@ -3652,6 +3652,7 @@ gf_rdma_do_reads (gf_rdma_peer_t *peer, gf_rdma_post_t *post,
 post->ctx.iobref = iobref_new ();
 if (post->ctx.iobref == NULL) {
 iobuf_unref (iobuf);
+ iobuf = NULL;
 goto out;
 }
 }
-- cgit
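Review bot: The failure branch now releases `iobuf` in two steps (`iobuf_unref (iobuf);` then `iobuf = NULL;`) only so that the `out:` cleanup skips it; going by the commit message, that cleanup already drops the reference, so the branch could probably be reduced to a bare `goto out;` and leave a single release site. If the local unref stays, a short comment such as `/* out: unrefs iobuf if non-NULL; clear it so the reference is dropped only once */` would record why the assignment is there. The `out:` label and the rest of gf_rdma_do_reads lie outside the hunk, so confirm that the cleanup actually tests `iobuf` for NULL on this path. Because a second unref on a refcounted buffer can release it while another holder still uses it, any other branch in this function that unrefs and then jumps to `out` is worth checking for the same pattern.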