Hi,

I noticed a free() issue on an uninitialized pointer under a certain condition.

To reproduce:

        mkdir -p /tmp/test /tmp/plop
        openrsync -rx /tmp/test/ /tmp/plop/

Result:

        openrsync(3470) in free(): bogus pointer (double free?) 0x7f7ffffdcdc8
        Abort trap (core dumped)

The check does not match the condition checked before free(xdev):

        if (sess->opts->one_file_system &&
            ent->fts_statp->st_dev != st.st_dev) {


The patch below fixes it and simplifies the logic:


diff --git usr.bin/rsync/flist.c usr.bin/rsync/flist.c
index e1f41b1a108..1b3f9e40f62 100644
--- usr.bin/rsync/flist.c
+++ usr.bin/rsync/flist.c
@@ -808,7 +808,7 @@ flist_gen_dirent(struct sess *sess, char *root, struct 
flist **fl, size_t *sz,
        FTSENT          *ent;
        struct flist    *f;
        size_t           flsz = 0, stripdir;
-       dev_t           *xdev;
+       dev_t           *xdev = NULL;
        struct stat      st;
 
        cargv[0] = root;
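Review bot: the `= NULL` initialiser is what makes the single `out:` cleanup label safe, and it stands on its own even without the second hunk: with `-x` set, every `goto out` taken before the allocation guarded by `sess->opts->one_file_system && ent->fts_statp->st_dev != st.st_dev` currently reaches the conditional `free(xdev)` with an indeterminate pointer, which is the abort in the report. Worth checking whether any other pointer in this function is freed at `out:` but allocated only on some paths; it would need the same treatment.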
@@ -1008,8 +1008,7 @@ flist_gen_dirent(struct sess *sess, char *root, struct 
flist **fl, size_t *sz,
        rc = 1;
 out:
        fts_close(fts);
-       if (sess->opts->one_file_system)
-               free(xdev);
+       free(xdev);
        return rc;
 }
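Review bot: dropping the condition is correct only together with the `dev_t *xdev = NULL;` initialiser in the first hunk, so the two hunks should land as one commit; free(NULL) is defined as a no-op, which makes the unconditional call safe on the repro path (`-x` on a single filesystem, where xdev is never allocated) while still releasing the buffer when a device boundary was seen. One thing to verify against the rest of the function: xdev must not be freed or reassigned inside the walk loop without being set back to NULL, otherwise the unconditional free at `out:` becomes a double free.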
 

-- 
Kind regards,
Hiltjo
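The pattern behind the fix, as an added example that is not openrsync's code: a single `out:` cleanup label that frees every resource unconditionally, which is only sound when each pointer is initialised to NULL before the first `goto out`, because free(NULL) is defined to do nothing. The `struct opts`, `struct entry`, `walk_fixed` and the counting `count_malloc`/`count_free` wrappers are constructed stand-ins for `struct sess`, `FTSENT`, `flist_gen_dirent` and the libc calls; the sample trees are made up. The three scenario functions cover the reported reproduction (`-x` with everything on one device, so `xdev` is never allocated), a real device crossing, and an error taken before any allocation.

```c
#include <stdlib.h>

/* Constructed stand-ins for the real struct sess, FTSENT and struct stat. */
struct opts  { int one_file_system; };
struct entry { const char *path; unsigned long dev; };

/* Allocation counters so a caller can check that every malloc() was matched
 * by exactly one free(), and that no free() ran on something never allocated. */
static int allocs, frees;
static size_t last_crossed;	/* device boundaries seen by the last walk */

static void *
count_malloc(size_t n)
{
	void *p = malloc(n);
	if (p != NULL)
		allocs++;
	return p;
}

static void
count_free(void *p)
{
	if (p != NULL)		/* mirrors free(): NULL is a no-op, not counted */
		frees++;
	free(p);
}

/* Outstanding allocations; 0 means every malloc was balanced by a free. */
static int
leaks(void)
{
	return allocs - frees;
}

static size_t
crossed_count(void)
{
	return last_crossed;
}

/*
 * Walk ents[] below a root that lives on device root_dev.  With
 * one_file_system set, an entry on another device is recorded in xdev
 * instead of being descended: the narrow allocation condition quoted in
 * the report.  fail_at forces an early "goto out" on that index (-1: never)
 * so the cleanup path runs before anything was allocated.
 * Returns 1 on success, 0 on failure.
 */
static int
walk_fixed(const struct opts *o, const struct entry *ents, size_t n,
    unsigned long root_dev, int fail_at)
{
	int		 rc = 0;
	size_t		 i, nx = 0;
	unsigned long	*xdev = NULL;	/* the fix: defined before any goto out */

	for (i = 0; i < n; i++) {
		if ((int)i == fail_at)
			goto out;	/* constructed I/O error */
		if (o->one_file_system && ents[i].dev != root_dev) {
			if (xdev == NULL) {
				xdev = count_malloc(n * sizeof(*xdev));
				if (xdev == NULL)
					goto out;
			}
			xdev[nx++] = ents[i].dev;
			continue;	/* do not descend across the boundary */
		}
		/* an ordinary entry would be appended to the file list here */
	}
	rc = 1;
out:
	last_crossed = nx;
	count_free(xdev);	/* unconditional: free(NULL) does nothing */
	return rc;
}

/* The reported reproduction: -x with every entry on the root's device. */
static int
repro_same_device(void)
{
	static const struct entry ents[] = {	/* constructed sample tree */
		{ "/tmp/test", 1 }, { "/tmp/test/a", 1 }, { "/tmp/test/b", 1 },
	};
	const struct opts o = { 1 };
	return walk_fixed(&o, ents, 3, 1, -1);
}

/* A mount point on another device: xdev is allocated once, freed at out:. */
static int
scenario_crossing(void)
{
	static const struct entry ents[] = {	/* constructed sample tree */
		{ "/tmp/test", 1 }, { "/tmp/test/mnt", 2 }, { "/tmp/test/c", 1 },
	};
	const struct opts o = { 1 };
	return walk_fixed(&o, ents, 3, 1, -1);
}

/* Failure on the first entry: goto out runs before any allocation. */
static int
scenario_early_exit(void)
{
	static const struct entry ents[] = {	/* constructed sample tree */
		{ "/tmp/test", 1 }, { "/tmp/test/mnt", 2 },
	};
	const struct opts o = { 1 };
	return walk_fixed(&o, ents, 2, 1, 0);
}
```

The counters are the check a reviewer wants for this kind of fix: after each scenario `leaks()` must be 0, which fails both for a leak and for a free that had no matching allocation.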
