The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=1187e46d1b3833b9b54867a5587904c451369515
commit 1187e46d1b3833b9b54867a5587904c451369515 Author: John Baldwin <[email protected]> AuthorDate: 2022-10-03 23:10:44 +0000 Commit: John Baldwin <[email protected]> CommitDate: 2022-10-03 23:10:44 +0000 nvmecontrol wdc: Don't pass a bogus pointer to free(). wdc_get_dui_log_size allocates a buffer and then advances the returned pointer. Passing this advanced pointer to free() is UB, so save the original pointer to pass to free() instead. Reviewed by: imp Reported by: GCC 12 -Wfree-nonheap-object Differential Revision: https://reviews.freebsd.org/D36827 --- sbin/nvmecontrol/modules/wdc/wdc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sbin/nvmecontrol/modules/wdc/wdc.c b/sbin/nvmecontrol/modules/wdc/wdc.c index a60f72942186..1cae15a1e54c 100644 --- a/sbin/nvmecontrol/modules/wdc/wdc.c +++ b/sbin/nvmecontrol/modules/wdc/wdc.c @@ -268,7 +268,7 @@ static void wdc_get_dui_log_size(int fd, uint32_t opcode, uint8_t data_area, uint64_t *log_size, int len_off) { - uint8_t *hdr; + uint8_t *hdr, *tofree; uint8_t max_sections; int i, j; uint16_t hdr_ver; @@ -277,7 +277,7 @@ wdc_get_dui_log_size(int fd, uint32_t opcode, uint8_t data_area, dui_size = 0; len = 1024; - hdr = (uint8_t*)malloc(len); + tofree = hdr = (uint8_t*)malloc(len); if (hdr == NULL) errx(EX_OSERR, "Can't get buffer to read header"); wdc_get_data_dui(fd, opcode, len, 0, hdr, len); @@ -315,7 +315,7 @@ wdc_get_dui_log_size(int fd, uint32_t opcode, uint8_t data_area, errx(EX_PROTOCOL, "ERROR : No valid header "); *log_size = dui_size; - free(hdr); + free(tofree); } static void
