[Bug 1242] errant free in imfs_rmnod.c
rtems-bugs at rtems.org
Tue Aug 7 22:18:22 UTC 2007
http://www.rtems.org/bugzilla/show_bug.cgi?id=1242
------- Comment #1 from joel.sherrill at oarcorp.com 2007-08-07 17:18 -------
(In reply to comment #0)
> Near to the end of cpukit/libfs/src/imfs/imfs_rmnod.c, this code can be found:
>
> if ( the_jnode->type == IMFS_SYM_LINK ) {
>   if ( the_jnode->info.sym_link.name )
>     free( the_jnode->info.sym_link.name );
> }
> free( the_jnode );
>
> GCC warns about it:
> ../../../../../../../rtems.orig/c/src/../../cpukit/libfs/src/imfs/imfs_rmnod.c:
> In function 'IMFS_rmnod':
> ../../../../../../../rtems.orig/c/src/../../cpukit/libfs/src/imfs/imfs_rmnod.c:76:
> warning: passing argument 1 of 'free' discards qualifiers from pointer target
> type
>
>
> AFAIU, the_jnode->info.sym_link.name is a "const char*", i.e. it contains the
> address, but doesn't own the string.
> => the "free( the_jnode->info.sym_link.name );" is very likely wrong, and
> likely to cause memory faults.
>
Isn't it freeing the same memory that was allocated at imfs_creat.c:97?
Maybe the definition of IMFS_sym_link_t at imfs.h:59 needs to have the
const removed.
The code at imfs_creat.c:97 probably should just be a strdup() instead
of a complex calloc/strlen/strcpy combination also.
What do you think?
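Added example, not RTEMS code and not written by anyone in this thread: a minimal node type showing the ownership model the reply suggests, where the symlink name is a non-const char * filled by strdup(), so the remove path can free it without discarding qualifiers. The demo_* names and the sample path are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* makes <string.h> declare strdup() */
#endif
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the IMFS types; not the RTEMS definitions. */
typedef enum { DEMO_FILE, DEMO_SYM_LINK } demo_type_t;
typedef struct {
  demo_type_t type;
  /* Non-const: the node owns this heap copy, so free() takes it as is. */
  char *sym_link_name;
} demo_jnode_t;

/* Create a node; a symlink node takes a private copy of its target. */
demo_jnode_t *demo_create(demo_type_t type, const char *target)
{
  demo_jnode_t *node = calloc(1, sizeof(*node));
  if (node == NULL)
    return NULL;
  node->type = type;
  if (type == DEMO_SYM_LINK && target != NULL) {
    node->sym_link_name = strdup(target); /* one call, no strlen/strcpy */
    if (node->sym_link_name == NULL) {
      free(node);
      return NULL;
    }
  }
  return node;
}

/* Release a node; returns how many heap blocks were freed. */
int demo_rmnod(demo_jnode_t *node)
{
  int freed = 0;
  if (node == NULL)
    return 0;
  if (node->type == DEMO_SYM_LINK && node->sym_link_name != NULL) {
    free(node->sym_link_name); /* allocated in demo_create() */
    freed++;
  }
  free(node);
  return freed + 1;
}

int main(void)
{
  return demo_rmnod(demo_create(DEMO_SYM_LINK, "/constructed/target")) == 2 ? 0 : 1;
}
```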