From: Miklos Szeredi
Date: Thu, 19 Jul 2012 13:05:56 +0000 (+0200)
Subject: Fix crash caused by freeing a stack address
X-Git-Tag: fuse_2_9_1~1
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=3c4c063a2fd5cc6e9ce2b5db82e2a0dfa59b2e40;p=qemu-gpiodev%2Flibfuse.git

Fix crash caused by freeing a stack address

The failure path of try_get_path2() erroneously tried to free the "path1" value (an address on the stack) instead of the allocated string pointed to by "path1". This caused the library to crash.

Reported by Itay Perl
---
diff --git a/ChangeLog b/ChangeLog index 987b687..4dee6e5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2012-07-19 Miklos Szeredi + + * Fix crash caused by freeing a stack address. Reported by Itay + Perl + 2012-07-04 Miklos Szeredi * Fix install of mount.fuse from out-of-tree build. Patch by diff --git a/lib/fuse.c b/lib/fuse.c index 644878b..3c7f642 100644 --- a/lib/fuse.c +++ b/lib/fuse.c @@ -1162,7 +1162,7 @@ static int try_get_path2(struct fuse *f, fuse_ino_t nodeid1, const char *name1, struct node *wn1 = wnode1 ? *wnode1 : NULL; unlock_path(f, nodeid1, wn1, NULL, ticket); - free(path1); + free(*path1); if (ticket && err != -EAGAIN) release_tickets(f, nodeid1, wn1, ticket); }
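
Review bot: in the lib/fuse.c hunk, after "free(*path1);" on the failure path of try_get_path2() the caller's pointer still holds the freed address, so a caller that inspects or frees it after an error return would touch freed memory. Consider following the free with "*path1 = NULL;" so the out-parameter is left in a defined state. Because free() takes a void pointer, the original "free(path1)" compiled without a diagnostic, so a one-line comment here noting that path1 is the caller's out-parameter and that the string it points to is what gets released would help keep the mistake from coming back.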