From 48a713085690a94fb0749dc4f3138b6d9a65ea07 Mon Sep 17 00:00:00 2001
From: Tim Wickberg <tim@schedmd.com>
Date: Mon, 9 Oct 2017 18:06:57 -0600
Subject: [PATCH] Fix segfault in slurm_cred_unpack on error.

bit_fmt is a function, which is why the compiler didn't complain
that the bit_fmt variable was out of scope on the xfree. Passing
a function address to xfree() predictably does not work very well.

Change the variable name to avoid confusion.
---
 src/common/slurm_cred.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/common/slurm_cred.c b/src/common/slurm_cred.c
index b3c075ed996..11a97a16cea 100644
--- a/src/common/slurm_cred.c
+++ b/src/common/slurm_cred.c
@@ -1292,6 +1292,7 @@ slurm_cred_unpack(Buf buffer, uint16_t protocol_version)
 {
 	uint32_t     cred_uid, len;
 	slurm_cred_t *cred = NULL;
+	char *bit_fmt_str = NULL;
 	char       **sigp;
 	uint32_t     cluster_flags = slurmdb_setup_cluster_flags();
 
@@ -1382,20 +1383,19 @@ slurm_cred_unpack(Buf buffer, uint16_t protocol_version)
 
 		if (!(cluster_flags & CLUSTER_FLAG_BG)) {
 			uint32_t tot_core_cnt;
-			char *bit_fmt = NULL;
 			safe_unpack32(&tot_core_cnt, buffer);
-			safe_unpackstr_xmalloc(&bit_fmt, &len, buffer);
+			safe_unpackstr_xmalloc(&bit_fmt_str, &len, buffer);
 			cred->job_core_bitmap =
 				bit_alloc((bitoff_t) tot_core_cnt);
-			if (bit_unfmt(cred->job_core_bitmap, bit_fmt))
+			if (bit_unfmt(cred->job_core_bitmap, bit_fmt_str))
 				goto unpack_error;
-			xfree(bit_fmt);
-			safe_unpackstr_xmalloc(&bit_fmt, &len, buffer);
+			xfree(bit_fmt_str);
+			safe_unpackstr_xmalloc(&bit_fmt_str, &len, buffer);
 			cred->step_core_bitmap =
 				bit_alloc((bitoff_t) tot_core_cnt);
-			if (bit_unfmt(cred->step_core_bitmap, bit_fmt))
+			if (bit_unfmt(cred->step_core_bitmap, bit_fmt_str))
 				goto unpack_error;
-			xfree(bit_fmt);
+			xfree(bit_fmt_str);
 			safe_unpack16(&cred->core_array_size, buffer);
 			if (cred->core_array_size) {
 				safe_unpack16_array(&cred->cores_per_socket,
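Review bot: `tot_core_cnt` is read from the packed credential by `safe_unpack32(&tot_core_cnt, buffer);` and goes to both `bit_alloc((bitoff_t) tot_core_cnt)` calls with no range check, so a malformed buffer chooses the size of two allocations. The cast may also change the value if `bitoff_t` is signed or narrower than `uint32_t`; its definition is not visible here. A bound check right after the unpack, for example `if (tot_core_cnt > MAX_CORE_CNT_PLACEHOLDER) goto unpack_error;` with the project's real limit substituted, would reject such input before anything is allocated. The body of slurm_cred_unpack starts before this hunk and continues past it, so an earlier validation step may exist that is not shown.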
@@ -1432,7 +1432,7 @@ slurm_cred_unpack(Buf buffer, uint16_t protocol_version)
 	return cred;
 
 unpack_error:
-	xfree(bit_fmt);
+	xfree(bit_fmt_str);
 	slurm_mutex_unlock(&cred->mutex);
 	slurm_cred_destroy(cred);
 	return NULL;
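Review bot: The cleanup under `unpack_error` depends on an invariant that is not stated: `bit_fmt_str` must be either NULL or still owned at every `goto`. That appears to hold only because `xfree()` resets its argument to NULL after the two frees in the bitmap section, so a failing `safe_unpackstr_xmalloc` that follows does not lead to a double free. A comment at the label would record it, e.g. `/* bit_fmt_str is NULL or still owned here; xfree() NULLs it after each use */`. The label also unlocks `cred->mutex` unconditionally while `cred` is initialised to NULL in the declarations. The code between is outside the hunks, so it is worth confirming that no `goto unpack_error` can run before `cred` is allocated and locked.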
-- 
GitLab