From 3c4c063a2fd5cc6e9ce2b5db82e2a0dfa59b2e40 Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <mszeredi@suse.cz>
Date: Thu, 19 Jul 2012 15:05:56 +0200
Subject: Fix crash caused by freeing a stack address

The failure path of try_get_path2() erronously tried to free the "path1" value
(an address on the stack) instead of the allocated string pointed to by "path1".
This caused the library to crash.

Reported by Itay Perl
---
 lib/fuse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/fuse.c')

diff --git a/lib/fuse.c b/lib/fuse.c
index 644878b..3c7f642 100644
--- a/lib/fuse.c
+++ b/lib/fuse.c
@@ -1162,7 +1162,7 @@ static int try_get_path2(struct fuse *f, fuse_ino_t nodeid1, const char *name1,
 			struct node *wn1 = wnode1 ? *wnode1 : NULL;
 
 			unlock_path(f, nodeid1, wn1, NULL, ticket);
-			free(path1);
+			free(*path1);
 			if (ticket && err != -EAGAIN)
 				release_tickets(f, nodeid1, wn1, ticket);
 		}
-- 
cgit v1.2.3