[Bug 1242] errant free in imfs_rmnod.c

rtems-bugs at rtems.org rtems-bugs at rtems.org
Tue Aug 7 22:18:22 UTC 2007


http://www.rtems.org/bugzilla/show_bug.cgi?id=1242





------- Comment #1 from joel.sherrill at oarcorp.com  2007-08-07 17:18 -------
(In reply to comment #0)
> Near to the end of cpukit/libfs/src/imfs/imfs_rmnod.c, this code can be found:
> 
>     if ( the_jnode->type == IMFS_SYM_LINK ) {
>       if ( the_jnode->info.sym_link.name )
>         free( the_jnode->info.sym_link.name );
>     }
>     free( the_jnode );
> 
> GCC warns about it:
> ../../../../../../../rtems.orig/c/src/../../cpukit/libfs/src/imfs/imfs_rmnod.c:
> In function 'IMFS_rmnod':
> ../../../../../../../rtems.orig/c/src/../../cpukit/libfs/src/imfs/imfs_rmnod.c:76:
> warning: passing argument 1 of 'free' discards qualifiers from pointer target
> type
> 
> 
> AFAIU, the_jnode->info.sym_link.name is a "const char*", i.e. it contains the
> address, but doesn't own the string.
> => the "free( the_jnode->info.sym_link.name );" is very likely wrong, and
> likely to cause memory faults.
> 

Isn't it freeing the same memory that was allocated at imfs_creat.c:97?
Maybe the definition of IMFS_sym_link_t at imfs.h:59 needs to have the
const removed.

The code at imfs_creat.c:97 probably should just be a strdup() instead
of a complex calloc/strlen/strcpy combination also.

What do you think?


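The ownership question raised in this thread, as an added example that is not part of the original message or of the RTEMS sources: when a struct member points at heap memory the struct itself allocated, declaring it `char *` rather than `const char *` lets `free()` accept it without discarding qualifiers. The names `demo_symlink_node`, `demo_node_create`, `demo_node_remove` and `copy_longhand` are hypothetical, and the path string is constructed sample input.

```c
#define _POSIX_C_SOURCE 200809L /* exposes strdup() under strict -std= modes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a symlink node; not the RTEMS IMFS types. */
typedef struct {
  char *name; /* non-const: the node owns this heap copy and frees it */
} demo_symlink_node;

/* Longhand copy: the calloc/strlen/strcpy pattern mentioned in the thread. */
char *copy_longhand(const char *src)
{
  char *dst = calloc(strlen(src) + 1, 1);
  if (dst != NULL) strcpy(dst, src);
  return dst;
}

/* Create a node holding a private copy of target; NULL on allocation failure. */
demo_symlink_node *demo_node_create(const char *target)
{
  demo_symlink_node *node = calloc(1, sizeof *node);
  if (node == NULL)
    return NULL;
  node->name = strdup(target); /* same bytes as copy_longhand(target) */
  if (node->name == NULL) {
    free(node);
    return NULL;
  }
  return node;
}

/* Free the node and the string it owns. Because name is declared char *,
 * free() takes it with no cast and no discarded-qualifiers warning. */
void demo_node_remove(demo_symlink_node *node)
{
  if (node == NULL) return;
  free(node->name); /* free(NULL) is a no-op, so no guard is needed */
  free(node);
}

int main(void)
{
  demo_symlink_node *n = demo_node_create("/constructed/target");
  if (n == NULL) return 1;
  printf("%s\n", n->name);
  demo_node_remove(n);
  return 0;
}
```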