From: Kefu Chai
Date: Wed, 23 Nov 2016 06:48:11 +0000 (+0800)
Subject: FileStore::_do_fiemap: do not reference fiemap after it is freed
X-Git-Tag: v11.1.0~139^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c3748fa7737b6c43de2dae5d957fcff01322515c;p=ceph.git

FileStore::_do_fiemap: do not reference fiemap after it is freed

`last` points to fiemap::fm_extents[n], and if fiemap gets freed, we cannot reference any of its fields. So we could remember the check result before freeing it.

Signed-off-by: Kefu Chai
---
diff --git a/src/os/filestore/FileStore.cc b/src/os/filestore/FileStore.cc index d3f632192b5b0..1aecea9ca6a68 100644 --- a/src/os/filestore/FileStore.cc +++ b/src/os/filestore/FileStore.cc @@ -3158,7 +3158,6 @@ int FileStore::_do_fiemap(int fd, uint64_t offset, size_t len, { uint64_t i; struct fiemap_extent *extent = NULL; - struct fiemap_extent *last = NULL; struct fiemap *fiemap = NULL; int r = 0; @@ -3182,6 +3181,7 @@ more: i = 0; + struct fiemap_extent *last = nullptr; while (i < fiemap->fm_mapped_extents) { struct fiemap_extent *next = extent + 1; @@ -3204,8 +3204,9 @@ more: i++; last = extent++; } + const bool is_last = last->fe_flags & FIEMAP_EXTENT_LAST; free(fiemap); - if (!(last->fe_flags & FIEMAP_EXTENT_LAST)) { + if (!is_last) { uint64_t xoffset = last->fe_logical + last->fe_length - offset; offset = last->fe_logical + last->fe_length; len -= xoffset;
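
Review bot: In the second hunk (`@@ -3182,6 +3181,7 @@ more:`), `last` now starts as `nullptr` and is only assigned inside `while (i < fiemap->fm_mapped_extents)`, yet the third hunk dereferences it unconditionally in `last->fe_flags & FIEMAP_EXTENT_LAST`. If `fm_mapped_extents` can be zero when control reaches this loop, that is a null pointer dereference. Unless a check outside the visible context already guarantees at least one mapped extent, add an explicit guard or an assertion on `last` before the flag test so the invariant is documented next to the code that depends on it.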
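
Review bot: In the third hunk (`@@ -3204,8 +3204,9 @@ more:`), the body of `if (!is_last)` still reads `last->fe_logical` and `last->fe_length` after `free(fiemap)`, so only the flag test is protected and the use-after-free described in the commit message remains on the branch that loops for more extents. Since `last` points into the freed buffer, capture the end position before the free as well, for example `const uint64_t last_end = last->fe_logical + last->fe_length;`, and compute `xoffset` and `offset` from that value, or move `free(fiemap)` below the branch.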