![[RTEMS Logo]](/images/logo.png){kind=logo}
Opened on 05/07/07 at 12:08:24
Closed on 05/27/08 at 12:32:34
#1242 closed defect (fixed)
errant free in imfs_rmnod.c
| Reported by: | Ralf Corsepius | Owned by: | Joel Sherrill |
|---|---|---|---|
| Priority: | normal | Milestone: | 4.7 |
| Component: | fs | Version: | 4.7 |
| Severity: | major | Keywords: | |
| Cc: | sebastian.huber@… | Blocked By: | |
| Blocking: |
Description
Near to the end of cpukit/libfs/src/imfs/imfs_rmnod.c, this code can be found:
if ( the_jnode->type == IMFS_SYM_LINK ) {
if ( the_jnode->info.sym_link.name )
free( the_jnode->info.sym_link.name );
}
free( the_jnode );
GCC warns about it:
../../../../../../../rtems.orig/c/src/../../cpukit/libfs/src/imfs/imfs_rmnod.c: In function 'IMFS_rmnod':
../../../../../../../rtems.orig/c/src/../../cpukit/libfs/src/imfs/imfs_rmnod.c:76: warning: passing argument 1 of 'free' discards qualifiers from pointer target type
AFAIU, the_jnode->info.sym_link.name is a "const char*", i.e. it contains the address, but doesn't own the string.
=> the "free( the_jnode->info.sym_link.name );" is very likely wrong, and likely to cause memory faults.
Change History (2)
comment:1 Changed on 04/24/08 at 13:13:26 by Sebastian Huber
| Cc: | Sebastian Huber added |
|---|
comment:2 Changed on 05/27/08 at 12:32:34 by Sebastian Huber
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Fixed in CVS.