[Crash-utility] unwind_arm.c: read_module_unwind_table free(tbl->idx) twice!

Mika Westerberg mika.westerberg at iki.fi
Wed May 25 20:14:46 UTC 2011


On Wed, May 25, 2011 at 09:34:57PM +0300, Mika Westerberg wrote:
> On Wed, May 25, 2011 at 10:09:40AM -0400, Dave Anderson wrote:
> > 
> > 
> > ----- Original Message -----
> > > Hello Dave,
> > > 
> > > While I was investigating ARM support for CONFIG_SPARSEMEM, I noticed
> > > read_module_unwind_table in unwind_arm.c would call free(tbl->idx) twice
> > > if(!readmem(idx_start, KVADDR, tbl->idx, idx, size,
> > > "module unwind index table", RETURN_ON_ERROR))
> > > 
> > > I think you can remove free(tbl->idx) which is just before "return FALSE".
> > > 
> > > Takuo
> > 
> > The ARM code is maintained by Jan and Mika, but you are correct.
> > I also note that it would do a free(NULL) in the case of a calloc()
> > failure just above that. 
> 
> Yeah, my bad. I'll send a patch for that asap.

Here is the patch. Hope I got it right this time.

Thanks,
MW

diff --git a/unwind_arm.c b/unwind_arm.c
index 18fdad9..fd6ac65 100644
--- a/unwind_arm.c
+++ b/unwind_arm.c
@@ -185,8 +185,10 @@ init_kernel_unwind_table(void)
 
 	/* now read in the index table */
 	if (!readmem(idx_start, KVADDR, kernel_unwind_table->idx, idx_size,
-		     "master kernel unwind table", RETURN_ON_ERROR))
+		     "master kernel unwind table", RETURN_ON_ERROR)) {
+		free(kernel_unwind_table->idx);
 		goto fail;
+	}
 
 	kernel_unwind_table->start = kernel_unwind_table->idx;
 	kernel_unwind_table->end = (struct unwind_idx *)
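
Review bot: Freeing kernel_unwind_table->idx inside the readmem() error branch splits cleanup between this call site and the fail: label, so any error path added later between this readmem() and "return TRUE" that does "goto fail" will leak idx. Consider keeping a single cleanup path: either make sure idx is NULL until it has been allocated and leave the free at the label (free(NULL) is a no-op in C), or add a second label such as fail_idx: directly above fail: that frees idx and falls through.
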
@@ -210,7 +212,6 @@ init_kernel_unwind_table(void)
 	return TRUE;
 
 fail:
-	free(kernel_unwind_table->idx);
 	free(kernel_unwind_table);
 	return FALSE;
 }
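
Review bot: At the fail: label, kernel_unwind_table is freed but never reset, and because init_kernel_unwind_table(void) takes no arguments the pointer presumably lives outside this function; if so, any later code that tests it for non-NULL will use freed memory. Suggest adding "kernel_unwind_table = NULL;" after the free(). A short comment at the label noting that idx is now released at the readmem() call site would also help, since the label no longer shows where idx goes.
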
@@ -283,7 +284,6 @@ read_module_unwind_table(struct unwind_table *tbl, ulong addr)
 
 fail:
 	FREEBUF(buf);
-	free(tbl->idx);
 	return FALSE;
 }
 
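
Review bot: Dropping free(tbl->idx) at fail: fixes the double free, but tbl is passed in by the caller, so after the remaining free at the readmem() error site (described earlier in the thread) tbl->idx still points at freed memory when this function returns FALSE. Setting "tbl->idx = NULL;" immediately after that free would make a later free by the caller harmless and a later dereference fail visibly, which addresses the whole class of bug rather than this one instance.
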



