summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGeorge Burgess IV2017-09-05 18:26:36 -0500
committerGeorge Burgess IV2017-09-05 18:26:36 -0500
commit4ff5ff29d26cd028d5d78f5b764dab380fd7c9f4 (patch)
tree283434227e4125590c2e3cd0346b6394854cb685 /libsync/sync.c
parentf899548cdb18a56db9ad0c0c5ecd1941a6b23255 (diff)
downloadplatform-system-core-4ff5ff29d26cd028d5d78f5b764dab380fd7c9f4.tar.gz
platform-system-core-4ff5ff29d26cd028d5d78f5b764dab380fd7c9f4.tar.xz
platform-system-core-4ff5ff29d26cd028d5d78f5b764dab380fd7c9f4.zip
libsync: Fix a double-free.
sync_file_info, the only caller of legacy_fence_info_to_sync_file_info, unconditionally frees legacy_info after legacy_fence_info_to_sync_file_info is called. So, if this calloc fails, we'll end up freeing legacy_info twice. Bug: 27101951 Test: mma. Static analyzer complaint about double-free is gone. Change-Id: I43bf820af9aadf30cb8eabce57416f69a8fccf89
Diffstat (limited to 'libsync/sync.c')
-rw-r--r--libsync/sync.c1
1 files changed, 0 insertions, 1 deletions
diff --git a/libsync/sync.c b/libsync/sync.c
index baeccda47..e65765894 100644
--- a/libsync/sync.c
+++ b/libsync/sync.c
@@ -275,7 +275,6 @@ static struct sync_file_info* legacy_fence_info_to_sync_file_info(
275 info = calloc(1, sizeof(struct sync_file_info) + 275 info = calloc(1, sizeof(struct sync_file_info) +
276 num_fences * sizeof(struct sync_fence_info)); 276 num_fences * sizeof(struct sync_fence_info));
277 if (!info) { 277 if (!info) {
278 free(legacy_info);
279 return NULL; 278 return NULL;
280 } 279 }
281 info->sync_fence_info = (__u64)(uintptr_t)(info + 1); 280 info->sync_fence_info = (__u64)(uintptr_t)(info + 1);