From 73d6a2c0ee42bd7689511ce8db86cfbbc33c789b Mon Sep 17 00:00:00 2001 From: Radostin Stoyanov Date: Thu, 27 Jan 2022 14:49:41 +0000 Subject: [PATCH] test/autofs: fix use-after-free autofs.c:66:17: error: pointer 'str' may be used after 'realloc' [-Werror=use-after-free] autofs.c: In function 'check_automount': ../lib/zdtmtst.h:131:9: error: pointer 'mountpoint' may be used after 'free' [-Werror=use-after-free] 131 | test_msg("ERR: %s:%d: " format " (errno = %d (%s))\n", __FILE__, __LINE__, ##arg, errno, strerror(errno)) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ autofs.c:277:17: note: in expansion of macro 'pr_perror' 277 | pr_perror("%s: failed to close fd %d", mountpoint, p->fd); | ^~~~~~~~~ autofs.c:268:9: note: call to 'free' here 268 | free(mountpoint); | ^~~~~~~~~~~~~~~~ Fixes: #1731 v2: (@Snorch) always update `str` after successful realloc() Signed-off-by: Radostin Stoyanov --- test/zdtm/static/autofs.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/zdtm/static/autofs.c b/test/zdtm/static/autofs.c index 2d6078627..ad1795842 100644 --- a/test/zdtm/static/autofs.c +++ b/test/zdtm/static/autofs.c @@ -47,6 +47,7 @@ static char *xvstrcat(char *str, const char *fmt, va_list args) ret = -ENOMEM; new = realloc(str, offset + delta); if (new) { + str = new; va_copy(tmp, args); ret = vsnprintf(new + offset, delta, fmt, tmp); va_end(tmp); @@ -54,7 +55,6 @@ static char *xvstrcat(char *str, const char *fmt, va_list args) /* NOTE: vsnprintf returns the amount of bytes * * to allocate. */ delta = ret + 1; - str = new; ret = 0; } } @@ -266,6 +266,7 @@ static int check_automount(struct autofs_params *p) return err; free(mountpoint); + mountpoint = NULL; err = p->setup(p); if (err) { @@ -274,7 +275,7 @@ static int check_automount(struct autofs_params *p) } if (close(p->fd)) { - pr_perror("%s: failed to close fd %d", mountpoint, p->fd); + pr_perror("mountpoint failed to close fd %d", p->fd); return -errno; }