Commit e96a076b authored Jul 20, 2018 by Chen Wang Committed by Ben Walker Jul 25, 2018

bdev/raid: fix the double free memory in realloc

Use free() instead of realloc() to free allocated memory.
Currently realloc() is used to free memory unintentionally. Hence
the pointer is not nullified and it has caused double free.
realloc(g_spdk_raid_config.raid_bdev_config, 0)
is equivalent to free(g_spdk_raid_config.raid_bdev_config).

Use Shuhei's patch https://review.gerrithub.io/#/c/spdk/spdk/+/420224/


as a reference.

Fixes GitHub issue #372.

Change-Id: If3b761e3ac10844f734dab9b10d202db9ddc79c0
Signed-off-by: Chen Wang <chenx.wang@intel.com>
Reviewed-on: https://review.gerrithub.io/419975


Reviewed-by: Changpeng Liu <changpeng.liu@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Chandler-Test-Pool: SPDK Automated Test System <sys_sgsw@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>

parent 22637292

lib/bdev/raid/bdev_raid_rpc.c

+12 −7

Original line number	Diff line number	Diff line
		@@ -256,15 +256,20 @@ raid_bdev_config_cleanup(void)
		{
		void *temp_ptr;

		g_spdk_raid_config.total_raid_bdev--;
		if (g_spdk_raid_config.total_raid_bdev == 0) {
		free(g_spdk_raid_config.raid_bdev_config);
		g_spdk_raid_config.raid_bdev_config = NULL;
		} else {
		temp_ptr = realloc(g_spdk_raid_config.raid_bdev_config,
		sizeof(struct raid_bdev_config) * (g_spdk_raid_config.total_raid_bdev - 1));
		sizeof(struct raid_bdev_config) * (g_spdk_raid_config.total_raid_bdev));
		if (temp_ptr != NULL) {
		g_spdk_raid_config.raid_bdev_config = temp_ptr;
		} else {
		SPDK_ERRLOG("Config memory allocation failed\n");
		assert(0);
		}
		g_spdk_raid_config.total_raid_bdev--;
		}
		}

		/*