Reviewed by: Matt Ahrens <[email protected]>
Reviewed by: Serapheim Dimitropoulos <[email protected]>

There are cases where sa_get_one_zfs_share() of libshare doesn't fill in all the paths[] due to a specific handle being NULL and returns SA_SYSTEM_ERR. Currently, regardless of whether this error is returned or not, we always free each of those paths in sa_init_impl(), which can lead to a double-freeing fault.

Since sa_get_one_zfs_share() is also the function that allocates the memory that will later be pointed to by paths[], it should also be responsible for freeing any non-null elements of that array in the case of error and also set paths_len to 0 so the caller doesn't attempt to do anything wrong.

Upstream bugs: DLPX-53732
Upstream Original Title: libshare can cause free of non-allocated space when pools are faulted

You can view, comment on, or merge this pull request online at:

  https://github.com/openzfs/openzfs/pull/473

-- Commit Summary --

  * 8565 zpool dumps core trying to destroy unavail/faulted pool and try export it

-- File Changes --

    M usr/src/lib/libshare/common/libshare_zfs.c (15)

-- Patch Links --

https://github.com/openzfs/openzfs/pull/473.patch
https://github.com/openzfs/openzfs/pull/473.diff
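
A minimal C model of the ownership rule the description argues for, added here as an illustration; it is not code from the pull request or from libshare. The names demo_get_paths and demo_caller, the allocation counter and the sample paths are hypothetical, and the array is assumed to be zero-initialised so that unfilled slots are NULL.

```c
#include <stdlib.h>
#include <string.h>
#define DEMO_OK  0
#define DEMO_ERR 1              /* stands in for SA_SYSTEM_ERR */

static int live_allocs;         /* outstanding element allocations */
static char *demo_strdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p != NULL) { strcpy(p, s); live_allocs++; }
    return p;
}

static void demo_free(char *p) {
    if (p != NULL) { free(p); live_allocs--; }
}

/* Hypothetical analogue of sa_get_one_zfs_share(): allocates the array and
 * its elements. A NULL entry in handles[] models the NULL handle. */
static int demo_get_paths(const char **handles, size_t n,
    char ***paths, size_t *paths_len) {
    char **v = calloc(n, sizeof (char *));  /* unfilled slots stay NULL */
    *paths = v;
    *paths_len = (v != NULL) ? n : 0;
    if (v == NULL) return DEMO_ERR;
    for (size_t i = 0; i < n; i++) {
        if (handles[i] != NULL && (v[i] = demo_strdup(handles[i])) != NULL)
            continue;
        /* Error path: the allocator releases what it filled in ... */
        for (size_t j = 0; j < n; j++) { demo_free(v[j]); v[j] = NULL; }
        *paths_len = 0;         /* ... and tells the caller nothing is left */
        return DEMO_ERR;
    }
    return DEMO_OK;
}

/* Hypothetical analogue of sa_init_impl(): cleans up whatever err is. */
static int demo_caller(const char **handles, size_t n) {
    char **paths = NULL; size_t len = 0;
    int err = demo_get_paths(handles, n, &paths, &len);
    for (size_t i = 0; i < len; i++)    /* skipped when len == 0 */
        demo_free(paths[i]);
    free(paths);
    return err;
}

int main(void) {
    const char *faulted[] = { "/tank/a", NULL, "/tank/c" };  /* constructed */
    return !(demo_caller(faulted, 3) == DEMO_ERR && live_allocs == 0);
}
```

Because the error path both frees and NULLs each element and resets the length, the caller's unconditional cleanup loop never touches an element twice or an element that was never allocated.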
