git: 7597246911f8 - stable/13 - nvmecontrol wdc: Don't pass a bogus pointer to free().
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 11 Nov 2022 18:36:58 UTC
The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=7597246911f89d29294be46d2d3c84b215d3a4e9 commit 7597246911f89d29294be46d2d3c84b215d3a4e9 Author: John Baldwin <jhb@FreeBSD.org> AuthorDate: 2022-10-03 23:10:44 +0000 Commit: John Baldwin <jhb@FreeBSD.org> CommitDate: 2022-11-11 18:18:54 +0000 nvmecontrol wdc: Don't pass a bogus pointer to free(). wdc_get_dui_log_size allocates a buffer and then advances the returned pointer. Passing this advanced pointer to free() is UB, so save the original pointer to pass to free() instead. Reviewed by: imp Reported by: GCC 12 -Wfree-nonheap-object Differential Revision: https://reviews.freebsd.org/D36827 (cherry picked from commit 1187e46d1b3833b9b54867a5587904c451369515) --- sbin/nvmecontrol/modules/wdc/wdc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sbin/nvmecontrol/modules/wdc/wdc.c b/sbin/nvmecontrol/modules/wdc/wdc.c index a60f72942186..1cae15a1e54c 100644 --- a/sbin/nvmecontrol/modules/wdc/wdc.c +++ b/sbin/nvmecontrol/modules/wdc/wdc.c @@ -268,7 +268,7 @@ static void wdc_get_dui_log_size(int fd, uint32_t opcode, uint8_t data_area, uint64_t *log_size, int len_off) { - uint8_t *hdr; + uint8_t *hdr, *tofree; uint8_t max_sections; int i, j; uint16_t hdr_ver; @@ -277,7 +277,7 @@ wdc_get_dui_log_size(int fd, uint32_t opcode, uint8_t data_area, dui_size = 0; len = 1024; - hdr = (uint8_t*)malloc(len); + tofree = hdr = (uint8_t*)malloc(len); if (hdr == NULL) errx(EX_OSERR, "Can't get buffer to read header"); wdc_get_data_dui(fd, opcode, len, 0, hdr, len); @@ -315,7 +315,7 @@ wdc_get_dui_log_size(int fd, uint32_t opcode, uint8_t data_area, errx(EX_PROTOCOL, "ERROR : No valid header "); *log_size = dui_size; - free(hdr); + free(tofree); } static void