From d78fd7ae03136c0610bee33eeebb4ffe67c752d5 Mon Sep 17 00:00:00 2001
From: Alex Elder <elder@inktank.com>
Date: Thu, 26 Jul 2012 23:37:14 -0500
Subject: [PATCH] rbd: ensure invalid pointers are made null

Fix a number of spots where a pointer value that is known to
have become invalid but was not reset to null.

Also, toss in a change so we use sizeof (object) rather than
sizeof (type).

Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
---
 drivers/block/rbd.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
index 02de524..e5eaa70 100644
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -568,6 +568,7 @@ err_sizes:
 err_names:
 	kfree(header->snap_names);
 	header->snap_names = NULL;
+	header->snap_names_len = 0;
 err_snapc:
 	kfree(header->snapc);
 	header->snapc = NULL;
@@ -631,9 +632,14 @@ done:
 static void rbd_header_free(struct rbd_image_header *header)
 {
 	kfree(header->object_prefix);
+	header->object_prefix = NULL;
 	kfree(header->snap_sizes);
+	header->snap_sizes = NULL;
 	kfree(header->snap_names);
+	header->snap_names = NULL;
+	header->snap_names_len = 0;
 	ceph_put_snap_context(header->snapc);
+	header->snapc = NULL;
 }
 
 /*
@@ -2418,7 +2424,10 @@ static int rbd_add_parse_args(struct rbd_device *rbd_dev,
 
 out_err:
 	kfree(rbd_dev->header_name);
+	rbd_dev->header_name = NULL;
 	kfree(rbd_dev->image_name);
+	rbd_dev->image_name = NULL;
+	rbd_dev->image_name_len = 0;
 	kfree(rbd_dev->pool_name);
 	rbd_dev->pool_name = NULL;
 
@@ -2470,6 +2479,7 @@ static ssize_t rbd_add(struct bus_type *bus,
 						options);
 	if (IS_ERR(rbd_dev->rbd_client)) {
 		rc = PTR_ERR(rbd_dev->rbd_client);
+		rbd_dev->rbd_client = NULL;
 		goto err_put_id;
 	}
 
-- 
2.7.4