Author: kib
Date: Mon Feb 19 19:08:25 2018
New Revision: 329600
URL: https://svnweb.freebsd.org/changeset/base/329600

Log:
  Do not free(9) uninitialized pointer.
  
  Reported and tested by:       allanjude
  Reviewed by:  markj
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sys/ufs/ffs/ffs_subr.c

Modified: head/sys/ufs/ffs/ffs_subr.c
==============================================================================
--- head/sys/ufs/ffs/ffs_subr.c Mon Feb 19 19:01:46 2018        (r329599)
+++ head/sys/ufs/ffs/ffs_subr.c Mon Feb 19 19:08:25 2018        (r329600)
@@ -174,12 +174,17 @@ ffs_sbget(void *devfd, struct fs **fsp, off_t altsuper
 
        *fsp = NULL;
        if (altsuperblock != -1) {
-               if ((ret = readsuper(devfd, fsp, altsuperblock, readfunc)) != 0)
+               ret = readsuper(devfd, fsp, altsuperblock, readfunc);
+               if (*fsp != NULL)
+                       (*fsp)->fs_csp = NULL;
+               if (ret != 0)
                        return (ret);
        } else {
                for (i = 0; sblock_try[i] != -1; i++) {
-                       if ((ret = readsuper(devfd, fsp, sblock_try[i],
-                            readfunc)) == 0)
+                       ret = readsuper(devfd, fsp, sblock_try[i], readfunc);
+                       if (*fsp != NULL)
+                               (*fsp)->fs_csp = NULL;
+                       if (ret == 0)
                                break;
                        if (ret == ENOENT)
                                continue;
@@ -188,17 +193,17 @@ ffs_sbget(void *devfd, struct fs **fsp, off_t altsuper
                if (sblock_try[i] == -1)
                        return (ENOENT);
        }
+
        /*
-        * If not filling in summary information, NULL out fs_csp and return.
+        * Not filling in summary information, return.
         */
-       fs = *fsp;
-       if (filltype == NULL) {
-               fs->fs_csp = NULL;
+       if (filltype == NULL)
                return (0);
-       }
+
        /*
         * Read in the superblock summary information.
         */
+       fs = *fsp;
        size = fs->fs_cssize;
        blks = howmany(size, fs->fs_fsize);
        if (fs->fs_contigsumsize > 0)
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to