From 518dac097ec305d76fab3f0f45ce785a3849d8b5 Mon Sep 17 00:00:00 2001
From: Jens Axboe <axboe@fb.com>
Date: Wed, 2 Jul 2014 13:36:34 -0600
Subject: [PATCH 1/1] log: fix use-after-free

Introduced in commit cb7e0ace739c.

Signed-off-by: Jens Axboe <axboe@fb.com>
---
 backend.c | 1 +
 iolog.c   | 5 ++---
 iolog.h   | 1 +
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/backend.c b/backend.c
index 95a7572d..448fc598 100644
--- a/backend.c
+++ b/backend.c
@@ -2047,6 +2047,7 @@ int fio_backend(void)
 				struct io_log *log = agg_io_log[i];
 
 				__finish_log(log);
+				free_log(log);
 			}
 		}
 	}
diff --git a/iolog.c b/iolog.c
index a8bead11..96afec66 100644
--- a/iolog.c
+++ b/iolog.c
@@ -581,7 +581,7 @@ static void clear_file_buffer(void *buf)
 }
 #endif
 
-static void free_log(struct io_log *log)
+void free_log(struct io_log *log)
 {
 	free(log->log);
 	free(log->filename);
@@ -623,7 +623,6 @@ void __finish_log(struct io_log *log)
 
 	fclose(f);
 	clear_file_buffer(buf);
-	free_log(log);
 }
 
 static int finish_log(struct thread_data *td, struct io_log *log, int trylock)
@@ -636,11 +635,11 @@ static int finish_log(struct thread_data *td, struct io_log *log, int trylock)
 
 	if (td->client_type == FIO_CLIENT_TYPE_GUI) {
 		fio_send_iolog(td, log, log->filename);
-		free_log(log);
 	} else
 		__finish_log(log);
 
 	fio_unlock_file(log->filename);
+	free_log(log);
 	return 0;
 }
 
diff --git a/iolog.h b/iolog.h
index 2c9b2b29..f97d91f7 100644
--- a/iolog.h
+++ b/iolog.h
@@ -171,6 +171,7 @@ extern void init_disk_util(struct thread_data *);
 extern void update_rusage_stat(struct thread_data *);
 extern void setup_log(struct io_log **, unsigned long, int, int, const char *);
 extern void __finish_log(struct io_log *);
+extern void free_log(struct io_log *);
 extern struct io_log *agg_io_log[DDIR_RWDIR_CNT];
 extern int write_bw_log;
 extern void add_agg_sample(unsigned long, enum fio_ddir, unsigned int);
-- 
2.25.1