From 4ff5ff29d26cd028d5d78f5b764dab380fd7c9f4 Mon Sep 17 00:00:00 2001
From: George Burgess IV
Date: Tue, 5 Sep 2017 16:26:36 -0700
Subject: libsync: Fix a double-free.

sync_file_info, the only caller of legacy_fence_info_to_sync_file_info, unconditionally frees legacy_info after legacy_fence_info_to_sync_file_info is called. So, if this calloc fails, we'll end up freeing legacy_info twice.

Bug: 27101951
Test: mma. Static analyzer complaint about double-free is gone.
Change-Id: I43bf820af9aadf30cb8eabce57416f69a8fccf89
---
 libsync/sync.c | 1 -
 1 file changed, 1 deletion(-)
(limited to 'libsync')

diff --git a/libsync/sync.c b/libsync/sync.c
index baeccda47..e65765894 100644
--- a/libsync/sync.c
+++ b/libsync/sync.c
@@ -275,7 +275,6 @@ static struct sync_file_info* legacy_fence_info_to_sync_file_info(
 info = calloc(1, sizeof(struct sync_file_info) + num_fences * sizeof(struct sync_fence_info));
 if (!info) {
- free(legacy_info);
 return NULL;
 }
 info->sync_fence_info = (__u64)(uintptr_t)(info + 1);
-- 
cgit v1.2.3