[1/4] remote: don't read from pointer after free

Submitted by Andrey Vagin on July 12, 2018, 8:41 p.m.

Details

Message ID 20180712204145.6494-1-avagin@virtuozzo.com
State Accepted
Series "Series without cover letter"
Commit b605eb07d11356527cb77d3505363969157321dc
Headers show

Commit Message

Andrey Vagin July 12, 2018, 8:41 p.m.
CID 190778 (#1 of 1): Read from pointer after free (USE_AFTER_FREE)
7. deref_after_free: Dereferencing freed pointer rop.

Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
---
 criu/img-remote.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Patch hide | download patch | download mbox

diff --git a/criu/img-remote.c b/criu/img-remote.c
index f148e23f3..a9140423b 100644
--- a/criu/img-remote.c
+++ b/criu/img-remote.c
@@ -583,8 +583,8 @@  struct roperation* handle_accept_cache_read(
 		if (write_reply_header(cli_fd, 0) < 0) {
 			pr_perror("Error writing reply header for %s:%s",
 				path, snapshot_id);
-			free(rop);
 			close(rop->fd);
+			free(rop);
 		}
 		rop_set_rimg(rop, rimg);
 		return rop;
@@ -594,8 +594,8 @@  struct roperation* handle_accept_cache_read(
 		pr_info("No image %s:%s.\n", path, snapshot_id);
 		if (write_reply_header(cli_fd, ENOENT) < 0)
 			pr_perror("Error writing reply header for unexisting image");
-		free(rop);
 		close(cli_fd);
+		free(rop);
 	}
 	return NULL;
 }