From a12de06299afd0a4d87da41d2f2df72f02c1bb20 Mon Sep 17 00:00:00 2001
From: John Baldwin
Date: Mon, 17 Jul 2000 19:51:42 +0000
Subject: [PATCH] - Don't try to free mboot.bootinst before it has been allocated. If, for some reason, mboot.bootinst is not initialized to NULL at the beginning of the program, then the last commit to this would try to free whatever bogus address is in it. - Restore the behavior of free()'ing the mboot.bootinst buffer after we abuse it to determine the sector size of the disk (as clearly noted in the comments). Properly fix the double free() bug by setting the pointer to NULL after we free it.
---
 sbin/fdisk/fdisk.c | 4 ++--
 sbin/i386/fdisk/fdisk.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/sbin/fdisk/fdisk.c b/sbin/fdisk/fdisk.c
index acbd6ae22701..723db8d1d414 100644
--- a/sbin/fdisk/fdisk.c
+++ b/sbin/fdisk/fdisk.c
@@ -299,11 +299,11 @@ main(int argc, char *argv[])
 }
 /* (abu)use mboot.bootinst to probe for the sector size */
- if (mboot.bootinst != NULL)
- free(mboot.bootinst);
 if ((mboot.bootinst = malloc(MAX_SEC_SIZE)) == NULL)
 err(1, "cannot allocate buffer to determine disk sector size");
 read_disk(0, mboot.bootinst);
+ free(mboot.bootinst);
+ mboot.bootinst = NULL;
 if (s_flag)
 {
diff --git a/sbin/i386/fdisk/fdisk.c b/sbin/i386/fdisk/fdisk.c
index acbd6ae22701..723db8d1d414 100644
--- a/sbin/i386/fdisk/fdisk.c
+++ b/sbin/i386/fdisk/fdisk.c
@@ -299,11 +299,11 @@ main(int argc, char *argv[])
 }
 /* (abu)use mboot.bootinst to probe for the sector size */
- if (mboot.bootinst != NULL)
- free(mboot.bootinst);
 if ((mboot.bootinst = malloc(MAX_SEC_SIZE)) == NULL)
 err(1, "cannot allocate buffer to determine disk sector size");
 read_disk(0, mboot.bootinst);
+ free(mboot.bootinst);
+ mboot.bootinst = NULL;
 if (s_flag)
 {
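Review bot: The sector-size probe in main() still borrows the long-lived `mboot.bootinst` field as scratch space, so avoiding another double free() depends on the `mboot.bootinst = NULL;` reset staying paired with the free() in every future edit. A local scratch pointer would take the field out of the probe entirely: declare `char *probe;` and use `if ((probe = malloc(MAX_SEC_SIZE)) == NULL)`, `read_disk(0, probe);` and `free(probe);`, leaving `mboot.bootinst` untouched until the code that really owns it allocates it. Separately, the result of `read_disk(0, mboot.bootinst)` is discarded in this hunk; if read_disk reports failure through its return value (its definition is not visible here), a failed probe read should stop or warn rather than fall through to the `s_flag` handling. The identical hunk in sbin/i386/fdisk/fdisk.c has the same two points, and main()'s body begins and ends outside both hunks.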