summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlex Elder <elder@inktank.com>2012-07-27 06:37:14 +0200
committerAlex Elder <elder@inktank.com>2012-10-01 21:30:48 +0200
commitd78fd7ae03136c0610bee33eeebb4ffe67c752d5 (patch)
tree7d016afa0a2aad5202384ea2b8e07e133079df03
parentrbd: make snap_names_len a u64 (diff)
downloadlinux-d78fd7ae03136c0610bee33eeebb4ffe67c752d5.tar.xz
linux-d78fd7ae03136c0610bee33eeebb4ffe67c752d5.zip
rbd: ensure invalid pointers are made null
Fix a number of spots where a pointer value that is known to have become invalid but was not reset to null. Also, toss in a change so we use sizeof (object) rather than sizeof (type). Signed-off-by: Alex Elder <elder@inktank.com> Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
-rw-r--r--drivers/block/rbd.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
index 02de524d4b67..e5eaa70e8826 100644
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -568,6 +568,7 @@ err_sizes:
err_names:
kfree(header->snap_names);
header->snap_names = NULL;
+ header->snap_names_len = 0;
err_snapc:
kfree(header->snapc);
header->snapc = NULL;
@@ -631,9 +632,14 @@ done:
static void rbd_header_free(struct rbd_image_header *header)
{
kfree(header->object_prefix);
+ header->object_prefix = NULL;
kfree(header->snap_sizes);
+ header->snap_sizes = NULL;
kfree(header->snap_names);
+ header->snap_names = NULL;
+ header->snap_names_len = 0;
ceph_put_snap_context(header->snapc);
+ header->snapc = NULL;
}
/*
@@ -2418,7 +2424,10 @@ static int rbd_add_parse_args(struct rbd_device *rbd_dev,
out_err:
kfree(rbd_dev->header_name);
+ rbd_dev->header_name = NULL;
kfree(rbd_dev->image_name);
+ rbd_dev->image_name = NULL;
+ rbd_dev->image_name_len = 0;
kfree(rbd_dev->pool_name);
rbd_dev->pool_name = NULL;
@@ -2470,6 +2479,7 @@ static ssize_t rbd_add(struct bus_type *bus,
options);
if (IS_ERR(rbd_dev->rbd_client)) {
rc = PTR_ERR(rbd_dev->rbd_client);
+ rbd_dev->rbd_client = NULL;
goto err_put_id;
}