author | Richard Yao <[email protected]> | 2022-10-16 00:02:47 -0400 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2022-10-19 17:11:01 -0700 |
commit | d692e6c36e1a9b77a7e4d2eaf5a38c7973cd9a5f (patch) | |
tree | 28c36ca45e5ebb2d911621289f86ffafc770e6a4 | |
parent | c77d2d741571038956ea911743608f1c6266bb2e (diff) |

abd_return_buf() should call zfs_refcount_remove_many() early

Calling zfs_refcount_remove_many() after freeing memory means we pass a
reference to freed memory as the holder. This is not believed to be able
to cause a problem, but there is a bit of a tradition of fixing these
issues when they appear so that they do not obscure more serious issues
in static analyzer output, so we fix this one too.

Clang's static analyzer found this with the help of CodeChecker's CTU
analysis.

Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Richard Yao <[email protected]>
Closes #14043

-rw-r--r-- | module/zfs/abd.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/module/zfs/abd.c b/module/zfs/abd.c index 11a1e5112..d4921d0ba 100644 --- a/module/zfs/abd.c +++ b/module/zfs/abd.c @@ -667,15 +667,15 @@ abd_return_buf(abd_t *abd, void *buf, size_t n) { abd_verify(abd); ASSERT3U(abd->abd_size, >=, n); +#ifdef ZFS_DEBUG + (void) zfs_refcount_remove_many(&abd->abd_children, n, buf); +#endif if (abd_is_linear(abd)) { ASSERT3P(buf, ==, abd_to_buf(abd)); } else { ASSERT0(abd_cmp_buf(abd, buf, n)); zio_buf_free(buf, n); } -#ifdef ZFS_DEBUG - (void) zfs_refcount_remove_many(&abd->abd_children, n, buf); -#endif } void |
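
Review bot: The relocated `#ifdef ZFS_DEBUG` block at the top of abd_return_buf() carries no comment saying why it has to sit above the if/else, so a later tidy-up could move it back below `zio_buf_free(buf, n)` and reintroduce the freed-pointer-as-holder warning. Suggest a one-line comment above the `zfs_refcount_remove_many(&abd->abd_children, n, buf)` call noting that buf is used as the holder tag and is freed in the non-linear branch, so the reference must be released first. The move also means the refcount is now dropped before the `ASSERT3P` and `ASSERT0(abd_cmp_buf(abd, buf, n))` checks run in debug builds; it is worth confirming that abd_cmp_buf() does not depend on the abd_children count still being held.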