From 490c474aba59cf4b5aa6724fd1e82304aedec5ac Mon Sep 17 00:00:00 2001 From: Peter Keresztes Schmidt Date: Sun, 15 Oct 2017 06:36:54 +0200 Subject: [PATCH] rbd: fix crash during map Currently the iterator isn't advanced after the erase call leading to a second call on the iterator, which crashes due to a double free. Since C++11 the map::erase function returns an iterator pointing to the next element. Use the return value to set the iterator after erasing. Fixes: http://tracker.ceph.com/issues/21808 Signed-off-by: Peter Keresztes Schmidt (cherry picked from commit 9e49c4124422e58dd40dfb6038425430d3845412) --- src/tools/rbd/action/Kernel.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tools/rbd/action/Kernel.cc b/src/tools/rbd/action/Kernel.cc index a829c8bb0255..051c3fcf1ef3 100644 --- a/src/tools/rbd/action/Kernel.cc +++ b/src/tools/rbd/action/Kernel.cc @@ -233,7 +233,7 @@ static int do_kernel_map(const char *poolname, const char *imgname, // default and omit it even if it was specified by the user // (see ceph.git commit fb0f1986449b) if (it->first == "rw" && it->second == "rw") { - map_options.erase(it); + it = map_options.erase(it); } else { if (it != map_options.begin()) oss << ","; -- 2.47.3