[PATCH] net/nfb: fix use after free

Thomas Monjalon thomas at monjalon.net
Thu Oct 10 19:15:46 CEST 2024

Previous message (by thread): [PATCH v4 3/4] eal: add Arm WFET in power management intrinsics
Next message (by thread): [PATCH] net/nfb: fix use after free
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

With the annotations added to the allocation functions,
more issues are detected at compilation time:

nfb_rx.c:133:28: error: pointer 'rxq' used after 'rte_free'

It is fixed by moving the assignment before freeing the parent pointer.

Fixes: 80da7efbb4c4 ("eal: annotate allocation functions")

Signed-off-by: Thomas Monjalon <thomas at monjalon.net>
---
 drivers/net/nfb/nfb_rx.c | 2 +-
 drivers/net/nfb/nfb_tx.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/nfb/nfb_rx.c b/drivers/net/nfb/nfb_rx.c
index f72afafe8f..462bc3b50d 100644
--- a/drivers/net/nfb/nfb_rx.c
+++ b/drivers/net/nfb/nfb_rx.c
@@ -129,7 +129,7 @@ nfb_eth_rx_queue_release(struct rte_eth_dev *dev, uint16_t qid)
 
 	if (rxq->queue != NULL) {
 		ndp_close_rx_queue(rxq->queue);
-		rte_free(rxq);
 		rxq->queue = NULL;
+		rte_free(rxq);
 	}
 }
diff --git a/drivers/net/nfb/nfb_tx.c b/drivers/net/nfb/nfb_tx.c
index a1318a4205..cf99268c43 100644
--- a/drivers/net/nfb/nfb_tx.c
+++ b/drivers/net/nfb/nfb_tx.c
@@ -108,7 +108,7 @@ nfb_eth_tx_queue_release(struct rte_eth_dev *dev, uint16_t qid)
 
 	if (txq->queue != NULL) {
 		ndp_close_tx_queue(txq->queue);
-		rte_free(txq);
 		txq->queue = NULL;
+		rte_free(txq);
 	}
 }
-- 
2.46.0

Previous message (by thread): [PATCH v4 3/4] eal: add Arm WFET in power management intrinsics
Next message (by thread): [PATCH] net/nfb: fix use after free
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list