Author: truckman
Date: Fri May 20 06:43:55 2016
New Revision: 300275
URL: https://svnweb.freebsd.org/changeset/base/300275

Log:
  MFC r299592

  Move a call to cam_freeccb() to avoid a use after free error and a later double free.

  Reported by: Coverity
  CID: 1018507

Modified:
  stable/10/usr.sbin/mptutil/mpt_cam.c
Directory Properties:
  stable/10/ (props changed)

Modified: stable/10/usr.sbin/mptutil/mpt_cam.c
==============================================================================
--- stable/10/usr.sbin/mptutil/mpt_cam.c Fri May 20 06:41:26 2016 (r300274) +++ stable/10/usr.sbin/mptutil/mpt_cam.c Fri May 20 06:43:55 2016 (r300275) @@ -260,7 +260,6 @@ fetch_scsi_capacity(struct cam_device *d cam_freeccb(ccb); return (EIO); } - cam_freeccb(ccb); /* * A last block of 2^32-1 means that the true capacity is over 2TB, @@ -269,6 +268,7 @@ fetch_scsi_capacity(struct cam_device *d */ if (scsi_4btoul(rcap.addr) != 0xffffffff) { disk->maxlba = scsi_4btoul(rcap.addr); + cam_freeccb(ccb); return (0); }
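
Review bot: With the unconditional cam_freeccb(ccb) dropped after the EIO error block in the hunk at -260, ccb stays allocated across the 2^32-1 check, so every exit below that point now has to release it itself. The visible lines show a free only on the error return above and on the 32-bit return (0) path; routing all exits of fetch_scsi_capacity() through a single cleanup label with one cam_freeccb(ccb) would make this ownership harder to break again than per-return frees.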
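
Review bot: In the hunk at -269, cam_freeccb(ccb) is added only inside the if (scsi_4btoul(rcap.addr) != 0xffffffff) branch, and the fall-through path for capacities over 2TB lies outside the context shown. Please confirm that path frees ccb exactly once on both its error and its success return, and consider a short comment at the 0xffffffff check noting that ccb is deliberately kept alive for the code that follows, so the free is not hoisted back above the check in a later cleanup.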