From c50bfa1dd2c305908186e05a497f62bd792134b6 Mon Sep 17 00:00:00 2001 From: markj Date: Tue, 10 Mar 2015 20:52:03 +0000 Subject: ctf_discard(): fetch the next list element before restarting the loop. If we end up skipping a dynamic type because it has already been committed to the container, we would previously either set the loop variable to an uninitialized local variable, or set it to itself, resulting in an infinite loop. MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division --- cddl/contrib/opensolaris/common/ctf/ctf_create.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cddl') diff --git a/cddl/contrib/opensolaris/common/ctf/ctf_create.c b/cddl/contrib/opensolaris/common/ctf/ctf_create.c index 7364814..41e81e5 100644 --- a/cddl/contrib/opensolaris/common/ctf/ctf_create.c +++ b/cddl/contrib/opensolaris/common/ctf/ctf_create.c @@ -583,10 +583,10 @@ ctf_discard(ctf_file_t *fp) return (0); /* no update required */ for (dtd = ctf_list_prev(&fp->ctf_dtdefs); dtd != NULL; dtd = ntd) { + ntd = ctf_list_prev(dtd); if (dtd->dtd_type <= fp->ctf_dtoldid) continue; /* skip types that have been committed */ - ntd = ctf_list_prev(dtd); ctf_dtd_delete(fp, dtd); } -- cgit v1.1