di_fini() is being called in pci_device_solx_devfs_probe()
The di_fini (3DEVINFO) man page says "All handles associated with this
snapshot become invalid after the call to di_fini()". But after that,
eight lines down, the subroutine was calling di_prop_lookup_ints with
a handle args.node which was stored from walking the device tree, and
then using the pointers that returned even further down.
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
{
uint8_t config[256];
int err;
- di_node_t rnode;
- i_devnode_t args;
+ di_node_t rnode = DI_NODE_NIL;
+ i_devnode_t args = { 0, 0, 0, DI_NODE_NIL };
int *regbuf;
pci_regspec_t *reg;
int i;
uint ent = 0;
err = pci_device_solx_devfs_read( dev, config, 0, 256, & bytes );
- args.node = DI_NODE_NIL;
if ( bytes >= 64 ) {
struct pci_device_private *priv =
args.func = dev->func;
(void) di_walk_node(rnode, DI_WALK_CLDFIRST,
(void *)&args, find_target_node);
- di_fini(rnode);
}
}
if (args.node != DI_NODE_NIL) {
}
if (len <= 0)
- return (err);
+ goto cleanup;
/*
}
}
+ cleanup:
+ if (rnode != DI_NODE_NIL) {
+ di_fini(rnode);
+ }
return (err);
}