From b2e18b1fefc2b51baf70d5e1a5c41567214ebfe4 Mon Sep 17 00:00:00 2001
From: Alberto Bertogli <albertito@blitiri.com.ar>
Date: Sat, 26 Feb 2011 21:47:21 +0000
Subject: [PATCH 14/24] libjio: Fix a memory leak in jtrans_rollback()

jtrans_rollback() creates a new transaction using the data saved by
jtrans_commit() in op->pdata as the data to commit, which is stored in
op->buf, making both point to the same location.

After applying the new transaction, we need to free it; however, jtrans_free()
assumes op->buf points to a different place than op->pdata, and attempts to
free both. Thus, to prevent a double free in the hand-crafted transaction, we
need to set one of them to NULL.

However, we currently set both to NULL, effectively leaking the memory used to
store it.

This patch fixes that bug, by simply removing one of the two assignments.

Signed-off-by: Alberto Bertogli <albertito@blitiri.com.ar>
---
 libjio/trans.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/libjio/trans.c b/libjio/trans.c
index ed76387..a6dae51 100644
--- a/libjio/trans.c
+++ b/libjio/trans.c
@@ -546,10 +546,13 @@ ssize_t jtrans_rollback(struct jtrans *ts)
 	rv = jtrans_commit(newts);
 
 exit:
-	/* free the transaction */
+	/* Free the transaction, taking care to set buf to NULL first since
+	 * points to the same address as pdata, which would otherwise make
+	 * jtrans_free() attempt to free it twice. We leave the data at
+	 * curop->pdata since it is freed unconditionally, while the action
+	 * on curop->buf depends on the direction of the transaction. */
 	for (curop = newts->op; curop != NULL; curop = curop->next) {
 		curop->buf = NULL;
-		curop->pdata = NULL;
 	}
 	jtrans_free(newts);
 
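Review bot: The new comment block has a dropped word: "taking care to set buf to NULL first since points to the same address as pdata" should read "since it points to the same address as pdata". While touching that comment, it would also help a future reader to state explicitly why buf (and not pdata) is the pointer cleared, e.g. "jtrans_free() frees pdata unconditionally but frees buf only for one transaction direction, so clearing buf is the choice that never leaks", which is what the commit message explains and what the remaining single assignment `curop->buf = NULL;` relies on; if jtrans_free() ever changes to free buf unconditionally, this loop silently becomes a leak again, so the dependency is worth documenting at both sites.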
-- 
1.6.2.2.646.gb214

