From: Erwan Velu
Date: Tue, 3 Oct 2017 08:56:09 +0000 (+0200)
Subject: client: Fixing invalid use after free()
X-Git-Tag: fio-3.2~66^2
X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=7d9407b76e1fd0c2745ff097fbc4ce8442169f1d;p=fio.git

client: Fixing invalid use after free()

As per commit be6fa258, reply->opcode is now called after freeing the structure. This patch move the check of reply->opcode before freeing reply.

Signed-off-by: Erwan Velu
---

diff --git a/client.c b/client.c
index 5b409fea..42099452 100644
--- a/client.c
+++ b/client.c
@@ -1864,10 +1864,12 @@ static void request_client_etas(struct client_ops *ops)
 static int handle_cmd_timeout(struct fio_client *client,
 struct fio_net_cmd_reply *reply)
 {
+ uint16_t reply_opcode = reply->opcode;
+
 flist_del(&reply->list);
 free(reply);
 
- if (reply->opcode != FIO_NET_CMD_SEND_ETA)
+ if (reply_opcode != FIO_NET_CMD_SEND_ETA)
 return 1;
 
 log_info("client <%s>: timeout on SEND_ETA\n", client->hostname);
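Review bot: After `free(reply);` the `reply` parameter remains a dangling pointer for the rest of handle_cmd_timeout, and nothing in the new code tells a later editor why the opcode is copied first. The function body continues past the end of the hunk, so any line added there that touches `reply` would bring back the same use-after-free. I would put a one-line comment above the new local, `/* reply is freed below: copy every field needed afterwards */`, so the ordering constraint is visible where it matters. The declaration of `struct fio_net_cmd_reply` is not shown here, so it is also worth confirming that `uint16_t` matches the declared width of `opcode`, so the comparison with `FIO_NET_CMD_SEND_ETA` is not done on a truncated value.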