mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2025-01-24 00:46:39 +03:00
abd_return_buf() should call zfs_refcount_remove_many() early
Calling zfs_refcount_remove_many() after freeing memory means we pass a reference to freed memory as the holder. This is not believed to be able to cause a problem, but there is a bit of a tradition of fixing these issues when they appear so that they do not obscure more serious issues in static analyzer output, so we fix this one too. Clang's static analyzer found this with the help of CodeChecker's CTU analysis. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu> Closes #14043
This commit is contained in:
parent
c77d2d7415
commit
d692e6c36e
@ -667,15 +667,15 @@ abd_return_buf(abd_t *abd, void *buf, size_t n)
|
||||
{
|
||||
abd_verify(abd);
|
||||
ASSERT3U(abd->abd_size, >=, n);
|
||||
#ifdef ZFS_DEBUG
|
||||
(void) zfs_refcount_remove_many(&abd->abd_children, n, buf);
|
||||
#endif
|
||||
if (abd_is_linear(abd)) {
|
||||
ASSERT3P(buf, ==, abd_to_buf(abd));
|
||||
} else {
|
||||
ASSERT0(abd_cmp_buf(abd, buf, n));
|
||||
zio_buf_free(buf, n);
|
||||
}
|
||||
#ifdef ZFS_DEBUG
|
||||
(void) zfs_refcount_remove_many(&abd->abd_children, n, buf);
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
|
Loading…
Reference in New Issue
Block a user