From 2d2d1fbb201ea81a54d9c9aef28345cb259eb141 Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Sun, 12 Jul 2015 12:29:12 +0200 Subject: dict: dict_set_bin() should never free the pointer on error dict_set_bin() is handling the pointer that it passed inconsistently. Depending on the errors that can occur, the pointer passed to the dict can be free'd, but there is no guarantee. It is cleaner to have the caller free the pointer that allocated it and dict_set_bin() returned an error. When dict_set_bin() returned success, the given pointer will be free'd when dict_unref() calls data_destroy(). Many callers of dict_set_bin() already take care of free'ing the pointer on error. The ones that did not, are corrected with this change too. Change-Id: I39a4f7ebc0cae6d403baba99307d7ce408f25966 BUG: 1242280 Signed-off-by: Niels de Vos Reviewed-on: http://review.gluster.org/11638 Tested-by: Gluster Build System Reviewed-by: jiffin tony Thottan Reviewed-by: Raghavendra G Tested-by: NetBSD Build System --- xlators/features/bit-rot/src/stub/bit-rot-stub.c | 4 +++- xlators/features/marker/src/marker-quota.c | 22 ++++++++++++++-------- xlators/features/marker/src/marker.c | 4 +++- 3 files changed, 20 insertions(+), 10 deletions(-) (limited to 'xlators/features') diff --git a/xlators/features/bit-rot/src/stub/bit-rot-stub.c b/xlators/features/bit-rot/src/stub/bit-rot-stub.c index 2efb63e7db5..9fa16c36a9e 100644 --- a/xlators/features/bit-rot/src/stub/bit-rot-stub.c +++ b/xlators/features/bit-rot/src/stub/bit-rot-stub.c @@ -1345,8 +1345,10 @@ br_stub_getxattr_cbk (call_frame_t *frame, void *cookie, xlator_t *this, op_errno = EINVAL; ret = dict_set_bin (xattr, GLUSTERFS_GET_OBJECT_SIGNATURE, (void *)sign, totallen); - if (ret < 0) + if (ret < 0) { + GF_FREE (sign); goto delkeys; + } op_errno = 0; op_ret = totallen; diff --git a/xlators/features/marker/src/marker-quota.c b/xlators/features/marker/src/marker-quota.c index 52b930fb438..84798521265 100644 --- a/xlators/features/marker/src/marker-quota.c +++ b/xlators/features/marker/src/marker-quota.c @@ -401,6 +401,12 @@ mq_update_size_xattr (call_frame_t *frame, void *cookie, xlator_t *this, goto err; } + new_dict = dict_new (); + if (!new_dict) { + errno = ENOMEM; + goto err; + } + QUOTA_ALLOC_OR_GOTO (delta, int64_t, ret, err); *delta = hton64 (local->sum - ntoh64 (*size)); @@ -410,15 +416,11 @@ mq_update_size_xattr (call_frame_t *frame, void *cookie, xlator_t *this, " path = %s diff = %"PRIu64, local->sum, ntoh64 (*size), local->loc.path, ntoh64 (*delta)); - new_dict = dict_new (); - if (!new_dict) { - errno = ENOMEM; - goto err; - } - ret = dict_set_bin (new_dict, QUOTA_SIZE_KEY, delta, 8); - if (ret) + if (ret) { + GF_FREE (delta); goto err; + } if (gf_uuid_is_null (local->loc.gfid)) gf_uuid_copy (local->loc.gfid, buf->ia_gfid); @@ -1649,6 +1651,7 @@ mq_update_parent_size (call_frame_t *frame, ret = dict_set_bin (newdict, QUOTA_SIZE_KEY, size, 8); if (ret < 0) { + GF_FREE (size); op_errno = -ret; goto err; } @@ -1776,6 +1779,7 @@ unlock: ret = dict_set_bin (newdict, contri_key, delta, 8); if (ret < 0) { + GF_FREE (delta); op_errno = -ret; ret = -1; goto err; @@ -3998,8 +4002,10 @@ mq_reduce_parent_size_xattr (call_frame_t *frame, void *cookie, xlator_t *this, *size = hton64 (-local->size); ret = dict_set_bin (dict, QUOTA_SIZE_KEY, size, 8); - if (ret < 0) + if (ret < 0) { + GF_FREE (size); goto err; + } gf_uuid_copy (local->parent_loc.gfid, local->parent_loc.inode->gfid); diff --git a/xlators/features/marker/src/marker.c b/xlators/features/marker/src/marker.c index fbe640f0feb..8d39bece01b 100644 --- a/xlators/features/marker/src/marker.c +++ b/xlators/features/marker/src/marker.c @@ -260,9 +260,11 @@ marker_getxattr_stampfile_cbk (call_frame_t *frame, xlator_t *this, ret = dict_set_bin (dict, (char *)name, vol_mark, sizeof (struct volume_mark)); - if (ret) + if (ret) { + GF_FREE (vol_mark); gf_log (this->name, GF_LOG_WARNING, "failed to set key %s", name); + } STACK_UNWIND_STRICT (getxattr, frame, 0, 0, dict, xdata); -- cgit