785eb42adf
It is otherwise left dangling, and callers that request cookies always free the cookie buffer, even when VOP_READDIR(9) returns an error. This results in a double free if tmpfs_readdir() returns an error to the NFS server or the Linux getdents(2) emulation code. Reported by: pho MFC after: 1 week Security: double free of malloc(9)-backed memory Sponsored by: EMC / Isilon Storage Division |
||
|---|---|---|
| .. | ||
| tmpfs_fifoops.c | ||
| tmpfs_fifoops.h | ||
| tmpfs_subr.c | ||
| tmpfs_vfsops.c | ||
| tmpfs_vnops.c | ||
| tmpfs_vnops.h | ||
| tmpfs.h | ||