- Don't try to free mboot.bootinst before it has been allocated. If, for

some reason, mboot.bootinst is not initialized to NULL at the beginning
  of the program, then the last commit to this would try to free whatever
  bogus address is in it.
- Restore the behavior of free()'ing the mboot.bootinst buffer after we
  abuse it to determine the sector size of the disk (as clearly noted in
  the comments).  Properly fix the double free() bug by setting the pointer
  to NULL after we free it.
This commit is contained in:
John Baldwin 2000-07-17 19:51:42 +00:00
parent f15da231c5
commit a12de06299
2 changed files with 4 additions and 4 deletions

View File

@ -299,11 +299,11 @@ main(int argc, char *argv[])
}
/* (abu)use mboot.bootinst to probe for the sector size */
if (mboot.bootinst != NULL)
free(mboot.bootinst);
if ((mboot.bootinst = malloc(MAX_SEC_SIZE)) == NULL)
err(1, "cannot allocate buffer to determine disk sector size");
read_disk(0, mboot.bootinst);
free(mboot.bootinst);
mboot.bootinst = NULL;
if (s_flag)
{

View File

@ -299,11 +299,11 @@ main(int argc, char *argv[])
}
/* (abu)use mboot.bootinst to probe for the sector size */
if (mboot.bootinst != NULL)
free(mboot.bootinst);
if ((mboot.bootinst = malloc(MAX_SEC_SIZE)) == NULL)
err(1, "cannot allocate buffer to determine disk sector size");
read_disk(0, mboot.bootinst);
free(mboot.bootinst);
mboot.bootinst = NULL;
if (s_flag)
{