btrfs-progs: fix double free during scanning
author David Sterba <dsterba@suse.com>
Fri, 2 Oct 2015 15:21:12 +0000 (17:21 +0200)
committer David Sterba <dsterba@suse.com>
Fri, 2 Oct 2015 15:56:40 +0000 (17:56 +0200)
If there are different devices mounted to the same directory we can run
into a double free issue in the scanning code and this can lead to a
crash. The dev_info_arg buffer allocation in get_fs_info might be skipped,
e.g. if the FS_INFO ioctl fails due to EPERM in older kernels. Reset the
pointer before each loop starts.

Signed-off-by: David Sterba <dsterba@suse.com>
cmds-filesystem.c

index 09cb37d..02def40 100644 (file)
@@ -481,6 +481,7 @@ static int btrfs_scan_kernel(void *search, unsigned unit_mode)
                if (search && !match_search_item_kernel(fs_info_arg.fsid,
                                        mnt->mnt_dir, label, search)) {
                        kfree(dev_info_arg);
+                       dev_info_arg = NULL;
                        continue;
                }
 
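Review bot: The commit message says the pointer is reset "before each loop starts", but this hunk instead clears it right after the `kfree(dev_info_arg);` on the `continue` path; the effect is equivalent (the next iteration's `kfree` no longer sees a stale pointer when `get_fs_info` skips the allocation), but the message should describe what the code does, or the reset should move to the top of the loop body so there is a single place to audit. The free-then-NULL pair now appears twice in this function; if the loop grows, consider a small helper so a future early exit cannot reintroduce the dangling pointer.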
@@ -496,6 +497,7 @@ static int btrfs_scan_kernel(void *search, unsigned unit_mode)
                if (fd != -1)
                        close(fd);
                kfree(dev_info_arg);
+               dev_info_arg = NULL;
        }
 
 out:
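Review bot: Clearing `dev_info_arg` after the end-of-iteration `kfree(dev_info_arg);` covers the normal path, but the hunk does not show the variable's declaration; confirm it is initialised to NULL before the loop, otherwise the very first iteration that takes the EPERM path in `get_fs_info` would still pass an uninitialised pointer to `kfree`. The `if (fd != -1) close(fd);` just above is fine and unchanged.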