Print this page
10111 dat_dictionary_create() use after free
*** 26,36 ****
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
! #pragma ident "%Z%%M% %I% %E% SMI"
/*
*
* MODULE: dat_dictionary.c
*
--- 26,38 ----
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
! /*
! * Copyright (c) 2018, Joyent, Inc.
! */
/*
*
* MODULE: dat_dictionary.c
*
*** 142,163 ****
*pp_dictionary = p_dictionary;
bail:
if (DAT_SUCCESS != status) {
if (NULL != p_dictionary) {
- dat_os_free(p_dictionary, sizeof (DAT_DICTIONARY));
-
if (NULL != p_dictionary->head) {
dat_os_free(p_dictionary->head,
sizeof (DAT_DICTIONARY_NODE));
}
if (NULL != p_dictionary->tail) {
dat_os_free(p_dictionary->tail,
sizeof (DAT_DICTIONARY_NODE));
}
}
}
return (status);
}
--- 144,166 ----
*pp_dictionary = p_dictionary;
bail:
if (DAT_SUCCESS != status) {
if (NULL != p_dictionary) {
if (NULL != p_dictionary->head) {
dat_os_free(p_dictionary->head,
sizeof (DAT_DICTIONARY_NODE));
}
if (NULL != p_dictionary->tail) {
dat_os_free(p_dictionary->tail,
sizeof (DAT_DICTIONARY_NODE));
}
+
+ dat_os_free(p_dictionary, sizeof (DAT_DICTIONARY));
}
+
}
return (status);
}