From 1e8994af0fde29bb03c52c5c4a972ef8d8ddbc33 Mon Sep 17 00:00:00 2001
From: Ronnie Sahlberg
Date: Tue, 21 Jun 2011 18:33:50 +1000
Subject: [PATCH] Add a very subtle bug in nfs_set_error() when nfs_set_error is called with error_string being the result of a lower layer problem so it is passed as "rpc_get_error()"

This meant that since free that nfs->rpc->error_string before we reference it a few lines further down in the vasprintf(..., error_string, adn memory corruption triggers.

Valgrind found this, Valgrind rules!
---
 examples/nfsclient-sync.c | 2 +-
 lib/libnfs.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/examples/nfsclient-sync.c b/examples/nfsclient-sync.c
index d4f6b0c..521bf4e 100644
--- a/examples/nfsclient-sync.c
+++ b/examples/nfsclient-sync.c
@@ -85,7 +85,7 @@ int main(int argc _U_, char *argv[] _U_)
 		printf("Failed to mount nfs share : %s\n", nfs_get_error(nfs));
 		exit(10);
 	}
-	printf("mounted share successfully\n");
+	printf("mounted share successfully %s\n", nfs_get_error(nfs));
 
 	ret = nfs_stat(nfs, NFSFILE, &st);
 
diff --git a/lib/libnfs.c b/lib/libnfs.c
index 4380653..996b988 100644
--- a/lib/libnfs.c
+++ b/lib/libnfs.c
@@ -2865,13 +2865,13 @@ size_t nfs_get_writemax(struct nfs_context *nfs)
 void nfs_set_error(struct nfs_context *nfs, char *error_string, ...)
 {
 	va_list ap;
-	char *str;
+	char *str = NULL;
 
+	va_start(ap, error_string);
+	vasprintf(&str, error_string, ap);
 	if (nfs->rpc->error_string != NULL) {
 		free(nfs->rpc->error_string);
 	}
-	va_start(ap, error_string);
-	vasprintf(&str, error_string, ap);
 	nfs->rpc->error_string = str;
 	va_end(ap);
 }
-- 
2.34.1
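Review bot: The new `printf("mounted share successfully %s\n", nfs_get_error(nfs))` hands the library's error string to `%s` on the success path, where presumably no error has been set and the pointer may be NULL; glibc prints `(null)` for that, but a null pointer for `%s` is undefined behaviour in C. It also reads like a debugging aid left in the example rather than something users of the library should copy. Either drop the `%s` again or guard it, e.g. `const char *e = nfs_get_error(nfs); printf("mounted share successfully%s%s\n", e ? ": " : "", e ? e : "");`. main() continues outside the hunk.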
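Review bot: The moved `vasprintf(&str, error_string, ap)` is still unchecked; on allocation failure the contents of `str` are unspecified (glibc happens to leave NULL, but that is not a portable guarantee), and the value is then stored into `nfs->rpc->error_string`, which this same function later passes to `free()`. Testing the return keeps the new NULL initialiser meaningful: `if (vasprintf(&str, error_string, ap) < 0) { str = NULL; }`. Separately, the commit message says callers pass `rpc_get_error()` as `error_string`, so a lower-layer error text is used as the format string, and any `%` conversion in that text would make vasprintf read variadic arguments that were never supplied. Callers should pass it as an argument, `nfs_set_error(nfs, "%s", rpc_get_error(nfs->rpc))`, and the parameter would be clearer as `const char *error_string` with a comment noting it is a printf-style format.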