From f70f4b8568316db2901b3ae7b17acbe0d2f9e221 Mon Sep 17 00:00:00 2001
From: Dariusz Stojaczyk <dariuszx.stojaczyk@intel.com>
Date: Mon, 19 Mar 2018 17:14:15 +0100
Subject: [PATCH] lib/event: do not clobber g_spdk_app on failed init

This fixes a double free in spdk_app_fini().
If spdk_app_start() failed, the g_spdk_app.config
was becoming a dangling pointer which would be
accessed and freed by spdk_app_fini()

Change-Id: Ifa833f5706d391356df39db4e1c538db7a1c7dcb
Signed-off-by: Dariusz Stojaczyk <dariuszx.stojaczyk@intel.com>
Reviewed-on: https://review.gerrithub.io/404358
Tested-by: SPDK Automated Test System <sys_sgsw@intel.com>
Reviewed-by: Daniel Verkamp <daniel.verkamp@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
---
 lib/event/app.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/lib/event/app.c b/lib/event/app.c
index 3ac1e7fec..34247cfec 100644
--- a/lib/event/app.c
+++ b/lib/event/app.c
@@ -334,15 +334,10 @@ spdk_app_start(struct spdk_app_opts *opts, spdk_event_fn start_fn,
 		}
 	}
 
-	memset(&g_spdk_app, 0, sizeof(g_spdk_app));
-	g_spdk_app.config = config;
-	g_spdk_app.shm_id = opts->shm_id;
-	g_spdk_app.shutdown_cb = opts->shutdown_cb;
-
 	spdk_log_set_level(SPDK_APP_DEFAULT_LOG_PRIORITY);
 	spdk_log_open();
 
-	sp = spdk_conf_find_section(g_spdk_app.config, "Global");
+	sp = spdk_conf_find_section(config, "Global");
 	if (opts->reactor_mask == NULL) {
 		if (sp && spdk_conf_section_get_val(sp, "ReactorMask")) {
 			opts->reactor_mask = spdk_conf_section_get_val(sp, "ReactorMask");
@@ -400,7 +395,7 @@ spdk_app_start(struct spdk_app_opts *opts, spdk_event_fn start_fn,
 	}
 
 	if (opts->tpoint_group_mask == NULL) {
-		sp = spdk_conf_find_section(g_spdk_app.config, "Global");
+		sp = spdk_conf_find_section(config, "Global");
 		if (sp != NULL) {
 			opts->tpoint_group_mask = spdk_conf_section_get_val(sp, "TpointGroupMask");
 		}
@@ -425,6 +420,10 @@ spdk_app_start(struct spdk_app_opts *opts, spdk_event_fn start_fn,
 		goto app_start_trace_cleanup_err;
 	}
 
+	memset(&g_spdk_app, 0, sizeof(g_spdk_app));
+	g_spdk_app.config = config;
+	g_spdk_app.shm_id = opts->shm_id;
+	g_spdk_app.shutdown_cb = opts->shutdown_cb;
 	g_spdk_app.rc = 0;
 	g_init_lcore = spdk_env_get_current_core();
 	g_app_start_fn = start_fn;