git » libjio » commit b2e18b1

libjio: Fix a memory leak in jtrans_rollback()

author Alberto Bertogli
2011-02-26 21:47:21 UTC
committer Alberto Bertogli
2011-02-26 21:56:43 UTC
parent a243dffae86f5524c1b49c63a7314e19ad8228bd

libjio: Fix a memory leak in jtrans_rollback()

jtrans_rollback() creates a new transaction using the data saved by
jtrans_commit() in op->pdata as the data to commit, which is stored in
op->buf, making both point to the same location.

After applying the new transaction, we need to free it; however, jtrans_free()
assumes op->buf points to a different place than op->pdata, and attempts to
free both. Thus, to prevent a double free in the hand-crafted transaction, we
need to set one of them to NULL.

However, we currently set both to NULL, effectively leaking the memory used to
store it.

This patch fixes that bug, by simply removing one of the two assignments.

Signed-off-by: Alberto Bertogli <albertito@blitiri.com.ar>

libjio/trans.c +5 -2

diff --git a/libjio/trans.c b/libjio/trans.c
index ed76387..a6dae51 100644
--- a/libjio/trans.c
+++ b/libjio/trans.c
@@ -546,10 +546,13 @@ ssize_t jtrans_rollback(struct jtrans *ts)
 	rv = jtrans_commit(newts);
 
 exit:
-	/* free the transaction */
+	/* Free the transaction, taking care to set buf to NULL first since
+	 * points to the same address as pdata, which would otherwise make
+	 * jtrans_free() attempt to free it twice. We leave the data at
+	 * curop->pdata since it is freed unconditionally, while the action
+	 * on curop->buf depends on the direction of the transaction. */
 	for (curop = newts->op; curop != NULL; curop = curop->next) {
 		curop->buf = NULL;
-		curop->pdata = NULL;
 	}
 	jtrans_free(newts);
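Review bot: the new comment in this hunk drops its subject in "taking care to set buf to NULL first since points to the same address as pdata"; it should read "since it points to the same address as pdata". The code change itself matches the description: with only `curop->buf = NULL;` in the loop, jtrans_free() no longer sees two pointers to the shared buffer, and curop->pdata is left for it to release, which closes the leak the old `curop->pdata = NULL;` line caused.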