In umad.c, get_ca(), the error path when the call to scandir() fails calls release_ca(ca) when the structure has not yet been initialized. This can cause free() to be called on random memory addresses. The fix is to initialize ca->numports and ca->ports earlier in get_ca().
Signed-off-by: Ralph Campbell <ralph.campb...@qlogic.com> diff --git a/libibumad/src/umad.c b/libibumad/src/umad.c index 78b956d..4f877e9 100644 --- a/libibumad/src/umad.c +++ b/libibumad/src/umad.c @@ -361,6 +361,8 @@ get_ca(char *ca_name, umad_ca_t *ca) int r, i, ret; int portnum; + ca->numports = 0; + memset(ca->ports, 0, sizeof ca->ports); strncpy(ca->ca_name, ca_name, sizeof ca->ca_name); snprintf(dir_name, sizeof(dir_name), "%s/%s", SYS_INFINIBAND, @@ -394,8 +396,6 @@ get_ca(char *ca_name, umad_ca_t *ca) } ret = 0; - ca->numports = 0; - memset(ca->ports, 0, sizeof ca->ports); for (i = 0; i < r; i++) { portnum = 0; if (!strcmp(".", namelist[i]->d_name) ||
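Review bot: In the first hunk (get_ca(), @@ -361), the two added lines have no comment saying they must stay ahead of every path that can reach release_ca(ca), so a later cleanup could move them back next to the loop and reintroduce the free() on uninitialized memory described in the commit message. Suggest a one-line comment above `ca->numports = 0;` stating that the error path's release_ca() relies on these fields being zeroed first. While this block is being touched, the context line `strncpy(ca->ca_name, ca_name, sizeof ca->ca_name);` leaves ca->ca_name without a terminating NUL when ca_name is as long as the buffer, unless the caller zeroed the structure beforehand; an explicit terminator after the copy would close that.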
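Review bot: In the second hunk (@@ -394), removing the reset just before `for (i = 0; i < r; i++) {` is only safe if nothing between the new initialization at the top of get_ca() and this loop writes to ca->numports or ca->ports, and those intervening lines are not shown in the patch. Please confirm that no code in that range touches either field, since the old placement would have cleared any such write and the new one will not. It would also help to state in the commit message whether release_ca() reads any other umad_ca_t members that remain unset on the scandir() failure path.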