From 2d2d1fbb201ea81a54d9c9aef28345cb259eb141 Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Sun, 12 Jul 2015 12:29:12 +0200 Subject: dict: dict_set_bin() should never free the pointer on error dict_set_bin() is handling the pointer that it passed inconsistently. Depending on the errors that can occur, the pointer passed to the dict can be free'd, but there is no guarantee. It is cleaner to have the caller free the pointer that allocated it and dict_set_bin() returned an error. When dict_set_bin() returned success, the given pointer will be free'd when dict_unref() calls data_destroy(). Many callers of dict_set_bin() already take care of free'ing the pointer on error. The ones that did not, are corrected with this change too. Change-Id: I39a4f7ebc0cae6d403baba99307d7ce408f25966 BUG: 1242280 Signed-off-by: Niels de Vos Reviewed-on: http://review.gluster.org/11638 Tested-by: Gluster Build System Reviewed-by: jiffin tony Thottan Reviewed-by: Raghavendra G Tested-by: NetBSD Build System --- xlators/cluster/ec/src/ec-helpers.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) (limited to 'xlators/cluster/ec/src/ec-helpers.c') diff --git a/xlators/cluster/ec/src/ec-helpers.c b/xlators/cluster/ec/src/ec-helpers.c index 372633df6be..aec0831ffc3 100644 --- a/xlators/cluster/ec/src/ec-helpers.c +++ b/xlators/cluster/ec/src/ec-helpers.c @@ -161,6 +161,7 @@ size_t ec_iov_copy_to(void * dst, struct iovec * vector, int32_t count, int32_t ec_dict_set_array(dict_t *dict, char *key, uint64_t value[], int32_t size) { + int ret = -1; uint64_t *ptr = NULL; int32_t vindex; if (value == NULL) @@ -172,7 +173,10 @@ int32_t ec_dict_set_array(dict_t *dict, char *key, uint64_t value[], for (vindex = 0; vindex < size; vindex++) { ptr[vindex] = hton64(value[vindex]); } - return dict_set_bin(dict, key, ptr, sizeof(uint64_t) * size); + ret = dict_set_bin(dict, key, ptr, sizeof(uint64_t) * size); + if (ret) + GF_FREE (ptr); + return ret; } @@ -214,6 +218,7 @@ int32_t ec_dict_del_array(dict_t *dict, char *key, uint64_t value[], int32_t ec_dict_set_number(dict_t * dict, char * key, uint64_t value) { + int ret = -1; uint64_t * ptr; ptr = GF_MALLOC(sizeof(value), gf_common_mt_char); @@ -224,7 +229,11 @@ int32_t ec_dict_set_number(dict_t * dict, char * key, uint64_t value) *ptr = hton64(value); - return dict_set_bin(dict, key, ptr, sizeof(value)); + ret = dict_set_bin(dict, key, ptr, sizeof(value)); + if (ret) + GF_FREE (ptr); + + return ret; } int32_t ec_dict_del_number(dict_t * dict, char * key, uint64_t * value) @@ -247,6 +256,7 @@ int32_t ec_dict_del_number(dict_t * dict, char * key, uint64_t * value) int32_t ec_dict_set_config(dict_t * dict, char * key, ec_config_t * config) { + int ret = -1; uint64_t * ptr, data; if (config->version > EC_CONFIG_VERSION) @@ -274,7 +284,11 @@ int32_t ec_dict_set_config(dict_t * dict, char * key, ec_config_t * config) *ptr = hton64(data); - return dict_set_bin(dict, key, ptr, sizeof(uint64_t)); + ret = dict_set_bin(dict, key, ptr, sizeof(uint64_t)); + if (ret) + GF_FREE (ptr); + + return ret; } int32_t ec_dict_del_config(dict_t * dict, char * key, ec_config_t * config) -- cgit