If the call to fid_to_qid() returns an error, we will call v9fs_path_free() on uninitialized paths.
Let's fix this by initializing dpath and path before calling fid_to_qid(). Signed-off-by: Greg Kurz <gr...@kaod.org> --- Thanks Paolo (and Coverity) for spotting this. Cc'ing stable as this is a regression introduced in 2.7. It is also present in Michael's stable-2.6-staging branch. hw/9pfs/9p.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index dfe293d11d1c..91a497079acb 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -1320,13 +1320,14 @@ static void v9fs_walk(void *opaque) goto out_nofid; } + v9fs_path_init(&dpath); + v9fs_path_init(&path); + err = fid_to_qid(pdu, fidp, &qid); if (err < 0) { goto out; } - v9fs_path_init(&dpath); - v9fs_path_init(&path); /* * Both dpath and path initially poin to fidp. * Needed to handle request with nwnames == 0
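Review bot: before merging, confirm that no `goto out` exists earlier in v9fs_walk() than the two relocated `v9fs_path_init()` calls, since only the region from line 1320 is visible; within this hunk the fix is right, because the `err < 0` branch of `fid_to_qid()` now jumps to `out:` with both `dpath` and `path` initialized, so the `v9fs_path_free()` calls there operate on valid state. The `goto out_nofid` just above the new lines still precedes the initializations; by its name that label skips the path frees, which is consistent with the fix, but it is worth a glance. Two minor points: the commit message says stable is being cc'd, so a `Cc: qemu-stable@nongnu.org` trailer next to the Signed-off-by would record that in the git history; and the context comment `Both dpath and path initially poin to fidp` has a typo (`poin` -> `point`) that could be fixed as a drive-by since the patch already touches this region, or left for a separate cleanup.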