Mercurial > illumos > illumos-gate

changeset 3075:0438a69421d6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6490012 during remove daemon references memory that's already been freed.
author mcneal
date Tue, 07 Nov 2006 13:00:30 -0800
parents 7a1c351f0cb3
children 2acee41d1492
files usr/src/cmd/iscsi/iscsitgtd/util.c
diffstat 1 files changed, 9 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/cmd/iscsi/iscsitgtd/util.c	Tue Nov 07 10:43:00 2006 -0800
+++ b/usr/src/cmd/iscsi/iscsitgtd/util.c	Tue Nov 07 13:00:30 2006 -0800
@@ -1602,9 +1602,6 @@
 	 * along with the directory.
 	 */
 	if (lun_num == 0) {
-		c = xml_alloc_node(XML_ELEMENT_TARG, String, tname);
-		(void) xml_remove_child(targets_config, c, MatchBoth);
-		xml_free_node(c);
 		(void) snprintf(path, sizeof (path), "%s/%s", target_basedir,
 		    iname);
 		(void) rmdir(path);
@@ -1616,6 +1613,15 @@
 		(void) snprintf(path, sizeof (path), "%s/%s", target_basedir,
 		    tname);
 		(void) unlink(path);
+
+		/*
+		 * 'tname' is just a reference to the memory within
+		 * the targets_config structure. So once the xml_remove_child
+		 * is called 'tname' is no longer valid.
+		 */
+		c = xml_alloc_node(XML_ELEMENT_TARG, String, tname);
+		(void) xml_remove_child(targets_config, c, MatchBoth);
+		xml_free_node(c);
 	}
 
 	/*