From 44bf0f16ee76951b1ac087614b52e7a96f411f1a Mon Sep 17 00:00:00 2001
From: Vitaliy Filippov
Date: Mon, 11 Mar 2024 02:16:39 +0300
Subject: [PATCH] Fix malloc/free in nfs_kv_read/write
---
 src/nfs_kv_read.cpp | 13 +++++++++++--
 src/nfs_kv_write.cpp | 14 +++++++++++++-
 2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/src/nfs_kv_read.cpp b/src/nfs_kv_read.cpp
index 7937d0ba..af969ad5 100644
--- a/src/nfs_kv_read.cpp
+++ b/src/nfs_kv_read.cpp
@@ -40,6 +40,7 @@ static void nfs_kv_continue_read(nfs_kv_read_state *st, int state)
 fprintf(stderr, "BUG: invalid state in nfs_kv_continue_read()");
 abort();
 }
+resume_0:
 if (st->offset + sizeof(shared_file_header_t) < st->self->parent->kvfs->shared_inode_threshold)
 {
 kv_read_inode(st->self, st->ino, [st](int res, const std::string & value, json11::Json attrs)
@@ -86,6 +87,7 @@ resume_1:
 read_size = st->ientry["size"].uint64_value();
 }
 read_size += sizeof(shared_file_header_t);
+ assert(!st->aligned_buf);
 st->aligned_buf = (uint8_t*)malloc_or_die(read_size);
 st->buf = st->aligned_buf + sizeof(shared_file_header_t) + st->offset;
 st->op->iov.push_back(st->aligned_buf, read_size);
@@ -107,6 +109,8 @@ resume_1:
 resume_2:
 if (st->res < 0)
 {
+ free(st->aligned_buf);
+ st->aligned_buf = NULL;
 auto cb = std::move(st->cb);
 cb(st->res);
 return;
@@ -118,8 +122,7 @@ resume_2:
 free(st->aligned_buf);
 st->aligned_buf = NULL;
 st->allow_cache = false;
- nfs_kv_continue_read(st, 0);
- return;
+ goto resume_0;
 }
 auto cb = std::move(st->cb);
 cb(0);
@@ -128,6 +131,7 @@ resume_2:
 }
 st->aligned_offset = align_down(st->offset);
 st->aligned_size = align_up(st->offset+st->size) - st->aligned_offset;
+ assert(!st->aligned_buf);
 st->aligned_buf = (uint8_t*)malloc_or_die(st->aligned_size);
 st->buf = st->aligned_buf + st->offset - st->aligned_offset;
 st->op = new cluster_op_t;
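Review bot: The `assert(!st->aligned_buf)` added before `malloc_or_die` in the `@@ -86,6 +87,7 @@` hunk is compiled out when the file is built with NDEBUG, so in such a build a buffer that is still owned would be overwritten and leaked with no signal. The identical assert in the `@@ -128,6 +131,7 @@` hunk has the same limitation. This function already reports impossible states with `fprintf(stderr, "BUG: ...")` followed by `abort()`; using that form here keeps the ownership check in every build, for example `if (st->aligned_buf) { fprintf(stderr, "BUG: aligned_buf already allocated in nfs_kv_continue_read()\n"); abort(); }`. Whether the project ever builds with NDEBUG is not visible from the patch.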
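Review bot: In the `@@ -107,6 +109,8 @@` hunk the error path frees `st->aligned_buf` and clears it, but `st->buf` was set to an offset inside that allocation (`st->buf = st->aligned_buf + ...` in the `resume_1` hunk) and is left pointing into freed memory when `cb(st->res)` runs. The same applies to the `resume_3` cleanup in the `@@ -145,6 +149,11 @@` hunk. Whether the callback or a later user of `st` reads `st->buf` after a failure is outside the hunks, so this may be latent rather than reachable; adding `st->buf = NULL;` next to each `st->aligned_buf = NULL;` would turn any such read into an immediate fault instead of a use-after-free.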
@@ -145,6 +149,11 @@ resume_2:
 st->self->parent->cli->execute(st->op);
 return;
 resume_3:
+ if (st->res < 0)
+ {
+ free(st->aligned_buf);
+ st->aligned_buf = NULL;
+ }
 auto cb = std::move(st->cb);
 cb(st->res < 0 ? st->res : 0);
 return;
diff --git a/src/nfs_kv_write.cpp b/src/nfs_kv_write.cpp
index 125f491c..7a9cbdbe 100644
--- a/src/nfs_kv_write.cpp
+++ b/src/nfs_kv_write.cpp
@@ -305,7 +305,7 @@ static void nfs_do_shared_read(nfs_kv_write_state *st, int state)
 op->len = pre+sizeof(shared_file_header_t)+data_size+post;
 op->callback = [st, state](cluster_op_t *op)
 {
- st->res = op->retval == op->len ? 0 : op->retval;
+ st->res = op->retval == op->len ? 0 : (op->retval > 0 ? -EIO : op->retval);
 delete op;
 if (st->shdr.magic != SHARED_FILE_MAGIC_V1 || st->shdr.inode != st->ino)
 {
@@ -316,7 +316,14 @@ static void nfs_do_shared_read(nfs_kv_write_state *st, int state)
 nfs_kv_continue_write(st, 0);
 }
 else
+ {
+ if (st->res < 0)
+ {
+ free(st->aligned_buf);
+ st->aligned_buf = NULL;
+ }
 nfs_kv_continue_write(st, state);
+ }
 };
 st->self->parent->cli->execute(op);
 }
@@ -871,6 +878,11 @@ resume_10:
 nfs_do_unshare_write(st, 11);
 return;
 resume_11:
+ if (st->aligned_buf)
+ {
+ free(st->aligned_buf);
+ st->aligned_buf = NULL;
+ }
 if (st->res < 0)
 {
 auto cb = std::move(st->cb);
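Review bot: In the `@@ -305,7 +305,7 @@` hunk a completion with `op->retval == 0` still produces `st->res = 0`, because the new inner test is `op->retval > 0`. `op->len` includes `sizeof(shared_file_header_t)`, so a zero-byte result is a short read here and would be treated as success, leaving the buffer contents unfilled. If the client can ever complete with a zero return value, the condition should cover it: `st->res = op->retval == op->len ? 0 : (op->retval >= 0 ? -EIO : op->retval);`.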
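Review bot: In the `@@ -316,7 +316,14 @@` hunk the new `st->res < 0` cleanup lives only in the `else` branch, so a failed read is first classified by the `st->shdr.magic` / `st->shdr.inode` comparison above it. Presumably `st->shdr` is filled by this read; if so, after a failure it holds stale or unset data, the mismatch branch can be taken, and this free is skipped. What that branch does with `st->aligned_buf` lies outside the hunk. Checking the result first, `if (st->res >= 0 && (st->shdr.magic != SHARED_FILE_MAGIC_V1 || st->shdr.inode != st->ino))`, would route every failed read through the cleanup.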
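Review bot: The `if (st->aligned_buf)` guard in the `@@ -871,6 +878,11 @@` hunk is redundant, since `free(NULL)` is defined as a no-op; the other cleanup sites in this patch call `free(st->aligned_buf); st->aligned_buf = NULL;` without a null test. Dropping the guard makes the five sites identical. A short comment such as `// buffer may already have been released by the nfs_do_shared_read() error path` would record why the pointer can be NULL here. The `resume_11` body continues outside the hunk.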