Commit 19cfba76 authored by Marcin Spiewak, committed by Tomasz Zawadzki

lib/nvme: fixed use-after-free detected by Coverity



If cuse_nvme_ctrlr_update_namespaces(ctrlr_device) fails,
the cuse_nvme_ctrlr_stop(ctrlr_device) function is called. This
function frees ctrl_device, and also clears/frees bit arrays,
so there is no need to jump to clear_and_free label, as these
operations are already done. Just return with appropriate error
code.
If there is a jump, we will try to access already freed memory
(ctrl_device->index) in line 1213

Change-Id: I4217c3783a22781feabbae9735d44479c5f511d9
Signed-off-by: Marcin Spiewak <marcin.spiewak@intel.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/21518


Community-CI: Mellanox Build Bot
Reviewed-by: Konrad Sztyber <konrad.sztyber@intel.com>
Reviewed-by: Aleksey Marchuk <alexeymar@nvidia.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
parent f14b142a
+1 −2
@@ -1203,8 +1203,7 @@ nvme_cuse_start(struct spdk_nvme_ctrlr *ctrlr)
	if (cuse_nvme_ctrlr_update_namespaces(ctrlr_device) < 0) {
		SPDK_ERRLOG("Cannot start CUSE namespace devices.");
		cuse_nvme_ctrlr_stop(ctrlr_device);
		rv = -1;
		goto clear_and_free;
		return -1;
	}

	return 0;
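
Review bot: The early `return -1;` after `cuse_nvme_ctrlr_stop(ctrlr_device);` is only safe because that call already releases ctrlr_device and the bit arrays, and nothing at the call site records that ownership transfer. A short comment above the return (for example, that ctrlr_device is freed by cuse_nvme_ctrlr_stop() and must not be touched afterwards) would keep a later cleanup refactor from routing this branch back through `clear_and_free` and reintroducing the access to freed memory. Since the pointer is dangling from that point on, it is also worth checking that no other path in nvme_cuse_start() reads ctrlr_device after a stop call. Minor, in the same block: the SPDK_ERRLOG message has no trailing "\n", and it drops the negative value returned by cuse_nvme_ctrlr_update_namespaces(), which would help when diagnosing why the namespace devices failed to start.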