Add a very subtle bug in nfs_set_error()

when nfs_set_error is called with error_string being the result of a lower layer
problem so it is passed as "rpc_get_error()"

This meant that since free that nfs->rpc->error_string before we reference it a few lines further down in the vasprintf(..., error_string,
adn memory corruption triggers.

Valgrind found this, Valgrind rules!

diff --git a/examples/nfsclient-sync.c b/examples/nfsclient-sync.c
index d4f6b0c0226fdc18285ce0c2fc10c67db253c71e..521bf4e1fa5a5d2c3dfdb6e6f3787bf51383b48e 100644 (file)
--- a/examples/nfsclient-sync.c
+++ b/examples/nfsclient-sync.c
@@ -85,7 +85,7 @@ int main(int argc _U_, char *argv[] _U_)
                printf("Failed to mount nfs share : %s\n", nfs_get_error(nfs));
                exit(10);
        }
-       printf("mounted share successfully\n");
+       printf("mounted share successfully %s\n", nfs_get_error(nfs));
 
 
        ret = nfs_stat(nfs, NFSFILE, &st);

diff --git a/lib/libnfs.c b/lib/libnfs.c
index 43806538d6c3cb9871f268b7a09eb604370f78ba..996b9880a91c232d8627b1470fa7b658046032d5 100644 (file)
--- a/lib/libnfs.c
+++ b/lib/libnfs.c
@@ -2865,13 +2865,13 @@ size_t nfs_get_writemax(struct nfs_context *nfs)
 void nfs_set_error(struct nfs_context *nfs, char *error_string, ...)
 {
         va_list ap;
-       char *str;
+       char *str = NULL;
 
+        va_start(ap, error_string);
+       vasprintf(&str, error_string, ap);
        if (nfs->rpc->error_string != NULL) {
                free(nfs->rpc->error_string);
        }
-        va_start(ap, error_string);
-       vasprintf(&str, error_string, ap);
        nfs->rpc->error_string = str;
         va_end(ap);
 }