From: Guoqing Jiang <gqjiang@suse.com>
Date: Mon, 27 Aug 2018 03:10:52 +0000 (+0800)
Subject: Assemble: set devices to NULL when load_devices can't load device
X-Git-Tag: mdadm-4.1~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=783a4a93b9f01d1e9de98ea7d318a7885382cefa;p=thirdparty%2Fmdadm.git

Assemble: set devices to NULL when load_devices can't load device

Since load_devices frees "devices" when it can't find any
device, we should set it to NULL to avoid double free issue
which can be reproduced by below steps:

mdadm -CR /dev/md/vol -l0 -e 1.2 -n2 /dev/sd[b-c] --assume-clean
mdadm -Ss
mdadm -A /dev/md127 /dev/sd[b-c] --update metadata

Reported-by: Tkaczyk Mariusz <mariusz.tkaczyk@intel.com>
Tested-by: Tkaczyk Mariusz <mariusz.tkaczyk@intel.com>
Signed-off-by: Guoqing Jiang <gqjiang@suse.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
---

diff --git a/Assemble.c b/Assemble.c
index 02641900..a79466c6 100644
--- a/Assemble.c
+++ b/Assemble.c
@@ -1539,6 +1539,11 @@ try_again:
 			      &most_recent, &bestcnt, &best, inargv);
 	if (devcnt < 0) {
 		mdfd = -3;
+		/*
+		 * devices is already freed in load_devices, so set devices
+		 * to NULL to avoid double free devices.
+		 */
+		devices = NULL;
 		goto out;
 	}