From c3748fa7737b6c43de2dae5d957fcff01322515c Mon Sep 17 00:00:00 2001
From: Kefu Chai
Date: Wed, 23 Nov 2016 14:48:11 +0800
Subject: [PATCH] FileStore::_do_fiemap: do not reference fiemap after it is freed

`last` points to fiemap::fm_extends[n], and if fiemap gets freed, we can not reference any of its fieldis. so we could remember the check result before freeing it.

Signed-off-by: Kefu Chai
---
 src/os/filestore/FileStore.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/os/filestore/FileStore.cc b/src/os/filestore/FileStore.cc
index d3f632192b5b0..1aecea9ca6a68 100644
--- a/src/os/filestore/FileStore.cc
+++ b/src/os/filestore/FileStore.cc
@@ -3158,7 +3158,6 @@ int FileStore::_do_fiemap(int fd, uint64_t offset, size_t len,
 {
 uint64_t i;
 struct fiemap_extent *extent = NULL;
- struct fiemap_extent *last = NULL;
 struct fiemap *fiemap = NULL;
 int r = 0;
@@ -3182,6 +3181,7 @@ more:
 i = 0;
+ struct fiemap_extent *last = nullptr;
 while (i < fiemap->fm_mapped_extents) {
 struct fiemap_extent *next = extent + 1;
@@ -3204,8 +3204,9 @@ more:
 i++;
 last = extent++;
 }
+ const bool is_last = last->fe_flags & FIEMAP_EXTENT_LAST;
 free(fiemap);
- if (!(last->fe_flags & FIEMAP_EXTENT_LAST)) {
+ if (!is_last) {
 uint64_t xoffset = last->fe_logical + last->fe_length - offset;
 offset = last->fe_logical + last->fe_length;
 len -= xoffset;
--
2.39.5
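Review bot: `last` starts as `nullptr` at the declaration added in the second hunk and is dereferenced unconditionally right after the loop (`last->fe_flags` in the third hunk), so the code relies on the `while` body running at least once. Whether `fm_mapped_extents == 0` is rejected earlier in `_do_fiemap` is not visible in this hunk. If it is, a short comment at the declaration such as `// non-null after the loop: fm_mapped_extents > 0 is checked above` would record that invariant; if it is not, the dereference needs a guard. The function begins and ends outside the hunk.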
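Review bot: The `if (!is_last)` branch in the third hunk still dereferences `last` after `free(fiemap)`: the unchanged lines `uint64_t xoffset = last->fe_logical + last->fe_length - offset;` and `offset = last->fe_logical + last->fe_length;` read from the extent array that was just released. The use-after-free is therefore closed only for the flag check. Capture the end of the last extent before the free as well, with `const uint64_t last_end = last->fe_logical + last->fe_length;` above `free(fiemap);`, then use `uint64_t xoffset = last_end - offset;` and `offset = last_end;` inside the branch. The rest of the branch and the end of `_do_fiemap` lie outside this hunk.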