[Prism54-devel] [PATCH] double-free in isl_ioctl.c
Jens Maurer
Jens.Maurer@gmx.net
Wed, 07 Jan 2004 22:00:33 +0100
Aurelien wrote:
> I don't think I changed this behavior... As far as I remember, we have always done it this way. I think that's hvr who introduced it, after rewriting some islpci_mgt.c code. I assumed he knew what he was doing...
>
> Moreover, my commit from 2003/12/29 00:52:45 was not related to this.
> You're probably speaking of Wed Dec 31 16:22:34 2003 UTC.
Right, sorry. I've fixed the CVS changelog.
cvs log isl_ioctl.c says:
revision 1.96
date: 2003/12/31 16:22:34; author: ajfa; state: Exp; lines: +397 -457
MGT_{S,G}ET_* macros, misc
And cvs diff -r1.95 -r1.96 isl_ioctl.c has this change:
+ islpci_mgt_queue(priv, PIMFOR_OP_GET, oid, 0, data, dlen, 0);
+ _rvalue = islpci_mgt_response(priv, oid, &_op, res,
+ &_dlen, entry);
+ if (!_rvalue)
+ islpci_mgt_release(priv, *entry);
+ if (_op == PIMFOR_OP_ERROR)
+ _rvalue = -EINVAL;
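Review bot: In `if (!_rvalue) islpci_mgt_release(priv, *entry);` the release runs on the success path, right after `islpci_mgt_response()` was handed `entry` to fill in, so a caller that later reads or releases `*entry` would be working on a frame that has already been released. Either drop the release here and leave it to the caller once it has consumed the response, or release only on the paths where the frame is not handed back and clear `*entry` afterwards. Two smaller points in the same lines: `_op` is compared against `PIMFOR_OP_ERROR` even when `_rvalue` is non-zero, in which case `_op` may never have been set, and the return value of `islpci_mgt_queue()` is discarded, so a failed queue still proceeds to wait for a response.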
As you can see, the islpci_mgt_release() is called if the mgt_response
call was successful, which shouldn't happen.
Jens Maurer