[dm-devel] [PATCH 08/14] libmultipath: donot free *dst if REALLOC fails in, merge_words

lixiaokeng Wed, 02 Sep 2020 00:21:02 -0700

In merge_words func, if REALLOC() fails, the input *dst will
be freed. If so, mpp->hwhandler| mpp->features|mpp->selector
may be set to NULL after calling merge_words func in
disassemble_map func. This may cause accessing freed memory
problem.


Here, we donot free *dst if REALLOC() fails in merge_words func.

Signed-off-by: Zhiqiang Liu <liuzhiqian...@huawei.com>
Signed-off-by: Lixiaokeng <lixiaok...@huawei.com>
---
 libmultipath/dmparser.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/libmultipath/dmparser.c b/libmultipath/dmparser.c
index c1031616..482e9d0e 100644
--- a/libmultipath/dmparser.c
+++ b/libmultipath/dmparser.c
@@ -26,13 +26,12 @@ merge_words(char **dst, const char *word)

        dstlen = strlen(*dst);
        len = dstlen + strlen(word) + 2;
-       *dst = REALLOC(*dst, len);
+       p = REALLOC(*dst, len);

-       if (!*dst) {
-               free(p);
+       if (!p)
                return 1;
-       }

+       *dst = p;
        p = *dst + dstlen;
        *p = ' ';
        ++p;
-- 

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel

[dm-devel] [PATCH 08/14] libmultipath: donot free *dst if REALLOC fails in, merge_words

Reply via email to