Strange "while" loop in tftp_receive since commit cf8d6bbd

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Strange "while" loop in tftp_receive since commit cf8d6bbd

From:	Andrei Borzenkov
Subject:	Strange "while" loop in tftp_receive since commit cf8d6bbd
Date:	Sun, 21 Jun 2015 19:47:56 +0300

Coverity complains about double free in this function (CID 96690). This
happens here:

    case TFTP_DATA:
...
        while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 
1) == 0)
          {
...
            data->block++;
...
              grub_netbuff_free (nb_top);
          }

As far as I can tell, data->block is always incremented so condition in
while() loop can be true at most once (tftph is set outside of this
loop and so does not change). But Coverity does not know it so flags it
as double free.

In case I miss something non-obvious - what is the reason for this
loop? It had been added in cf8d6bbd but commit message does not really
explain why it was done. Code in question did not really change since
this commit, so even originally I do not understand what this change
did.

[Prev in Thread]

Current Thread

[Next in Thread]

Strange "while" loop in tftp_receive since commit cf8d6bbd, Andrei Borzenkov <=

Prev by Date: Re: [PATCH] core/partmap: Add El Torito boot catalog parsing
Next by Date: [PATCH] Fix missing byte order conversion in get_btrfs_fs_prefix function
Previous by thread: Re: [RFC PATCH 3/3] Suport for bi-endianess in elf file
Next by thread: [PATCH] Fix missing byte order conversion in get_btrfs_fs_prefix function
Index(es):
- Date
- Thread