From nobody  Thu Jul  2 14:16:36 1998
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA10892;
          Thu, 2 Jul 1998 14:16:36 -0700 (PDT)
          (envelope-from nobody)
Message-Id: <199807022116.OAA10892@hub.freebsd.org>
Date: Thu, 2 Jul 1998 14:16:36 -0700 (PDT)
From: kmayer@freegate.com
To: freebsd-gnats-submit@freebsd.org
Subject: in libc/gen/fts.c:fts_close, free is called before pointer access
X-Send-Pr-Version: www-1.0

>Number:         7148
>Category:       bin
>Synopsis:       in libc/gen/fts.c:fts_close, free is called before pointer access
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul  2 14:20:00 PDT 1998
>Closed-Date:    Fri Jul 3 01:21:15 PDT 1998
>Last-Modified:  Fri Jul  3 01:21:30 PDT 1998
>Originator:     Ken Mayer
>Release:        2.2.6
>Organization:
FreeGate Corp
>Environment:
>Description:
fts_close calls free(sp), the ISSET(FTS_NOCHDIR) which is a macro that 
references sp. The free needs to follow ISSET
>How-To-Repeat:

>Fix:
Here's a patch:

diff -c fts.c.orig fts.c
*** fts.c.orig  Thu Jul  2 14:11:24 1998
--- fts.c       Thu Jul  2 14:15:32 1998
***************
*** 212,218 ****
        FTS *sp;
  {
        register FTSENT *freep, *p;
!       int saved_errno;
  
        /*
         * This still works if we haven't read anything -- the dummy structure
--- 212,218 ----
        FTS *sp;
  {
        register FTSENT *freep, *p;
!       int saved_errno,i;
  
        /*
         * This still works if we haven't read anything -- the dummy structure
***************
*** 241,255 ****
                (void)close(sp->fts_rfd);
        }
  
-       /* Free up the stream pointer. */
-       free(sp);
- 
        /* Set errno and return. */
        if (!ISSET(FTS_NOCHDIR) && saved_errno) {
                errno = saved_errno;
!               return (-1);
        }
!       return (0);
  }
  
  /*
--- 241,258 ----
                (void)close(sp->fts_rfd);
        }
  
        /* Set errno and return. */
        if (!ISSET(FTS_NOCHDIR) && saved_errno) {
                errno = saved_errno;
!               i = -1;
!       } else {
!               i = 0;
        }
! 
!       /* Free up the stream pointer. */
!       free(sp);
! 
!       return i;
  }
  
  /*
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Fri Jul 3 01:21:15 PDT 1998 
State-Changed-Why:  
fixed, thanks 
>Unformatted:
