[CRIU] [PATCH 1/4] remote: don't read from pointer after free
Andrei Vagin
avagin at virtuozzo.com
Thu Jul 12 23:41:42 MSK 2018
CID 190778 (#1 of 1): Read from pointer after free (USE_AFTER_FREE)
7. deref_after_free: Dereferencing freed pointer rop.
Signed-off-by: Andrei Vagin <avagin at virtuozzo.com>
---
criu/img-remote.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/criu/img-remote.c b/criu/img-remote.c
index f148e23f3..a9140423b 100644
--- a/criu/img-remote.c
+++ b/criu/img-remote.c
@@ -583,8 +583,8 @@ struct roperation* handle_accept_cache_read(
if (write_reply_header(cli_fd, 0) < 0) {
pr_perror("Error writing reply header for %s:%s",
path, snapshot_id);
- free(rop);
close(rop->fd);
+ free(rop);
}
rop_set_rimg(rop, rimg);
return rop;
@@ -594,8 +594,8 @@ struct roperation* handle_accept_cache_read(
pr_info("No image %s:%s.\n", path, snapshot_id);
if (write_reply_header(cli_fd, ENOENT) < 0)
pr_perror("Error writing reply header for unexisting image");
- free(rop);
close(cli_fd);
+ free(rop);
}
return NULL;
}
--
2.14.3
More information about the CRIU
mailing list