Possible bug in store_dir_ufs.c

From: Guido Serassio <serassio@dont-contact.us>
Date: Sat, 23 Mar 2002 12:46:38 +0100

Hi,

Looking at line 1017 of store_dir_ufs.c I have found:

     /* buffered write */
     if (state->outbuf_offset + ss > CLEAN_BUF_SZ) {
         if (write(state->fd, state->outbuf, state->outbuf_offset) < 0) {
             debug(50, 0) ("storeDirWriteCleanLogs: %s: write: %s\n",
                 state->new, xstrerror());
             debug(20, 0) ("storeDirWriteCleanLogs: Current swap logfile not replaced.\n");
             file_close(state->fd);
             state->fd = -1;
             unlink(state->new);
             safe_free(state); <=== Free state
             sd->log.clean.state = NULL;
             sd->log.clean.write = NULL;
         }
         state->outbuf_offset = 0; <=== Use state after safe_free
     }

When write returns an error, we reference an unallocated structure.

Regards

Guido

-
=======================================================
Serassio Guido
Via Albenga, 11/4 10134 - Torino - ITALY
E-mail: guido.serassio@serassio.it
WWW: http://www.serassio.it
Received on Sat Mar 23 2002 - 04:46:42 MST
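
The control-flow problem reported above, shown as an added example that is not part of the original post or of Squid's source: a buffered writer whose error path releases the state and returns immediately instead of falling through to the offset reset. The struct layout, `clean_write`, `demo` and the small `CLEAN_BUF_SZ` value are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CLEAN_BUF_SZ 16   /* constructed small value so the demo flushes quickly */

struct clean_state {      /* hypothetical stand-in for the state struct in the post */
    int fd;
    char outbuf[CLEAN_BUF_SZ];
    size_t outbuf_offset;
};

/* Append ss bytes, flushing first if they would not fit.
 * Returns 0 on success, -1 on error; after a failed flush *statep is NULL. */
int clean_write(struct clean_state **statep, const void *rec, size_t ss)
{
    struct clean_state *state = *statep;
    if (state == NULL || ss > CLEAN_BUF_SZ)
        return -1;
    if (state->outbuf_offset + ss > CLEAN_BUF_SZ) {
        if (write(state->fd, state->outbuf, state->outbuf_offset) < 0) {
            close(state->fd);
            free(state);
            *statep = NULL;   /* clear the owner's pointer as well */
            return -1;        /* leave here: the posted code continues to
                                 state->outbuf_offset = 0 on the freed struct */
        }
        state->outbuf_offset = 0;
    }
    memcpy(state->outbuf + state->outbuf_offset, rec, ss);
    state->outbuf_offset += ss;
    return 0;
}

/* Constructed driver: writes to a pipe, or to an invalid fd to force write() to fail.
 * Returns 0 if all writes succeeded, 1 if a flush failed and the state was released. */
int demo(int make_write_fail)
{
    int p[2], rc = 0;
    struct clean_state *st = calloc(1, sizeof *st);
    if (st == NULL || pipe(p) < 0) { free(st); return -2; }
    if (make_write_fail) { close(p[1]); st->fd = -1; } else st->fd = p[1];
    for (int i = 0; i < 3 && rc == 0; i++)
        rc = clean_write(&st, "0123456789", 10);   /* second call triggers a flush */
    if (st != NULL) { close(st->fd); free(st); }
    close(p[0]);
    return rc == 0 ? 0 : (st == NULL ? 1 : -1);
}

int main(void) { return !(demo(0) == 0 && demo(1) == 1); }
```

Building the unpatched pattern with `-fsanitize=address` makes the fall-through access visible as soon as the write fails.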
