lib: Fix ssm pool double free

Remove double-free in ssm_pool_destroy — ssm_pool_close already frees
the pool. The pool sharding test had a free spbs/ptrs on partial
malloc failure. Now initializes children array to -1 to prevent
reading uninitialized values.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>

2 files changed, 5 insertions, 2 deletions

diff --git a/src/lib/ssm/pool.c b/src/lib/ssm/pool.c
index 97313e7d..5c98b515 100644
--- a/src/lib/ssm/pool.c
+++ b/src/lib/ssm/pool.c
@@ -506,14 +506,12 @@ void ssm_pool_destroy(struct ssm_pool * pool)
 
         if (getpid() != pool->hdr->pid && kill(pool->hdr->pid, 0) == 0) {
                 ssm_pool_close(pool);
-                free(pool);
                 return;
         }
 
         fn = pool_filename(pool->uid);
         if (fn == NULL) {
                 ssm_pool_close(pool);
-                free(pool);
                 return;
         }
 
diff --git a/src/lib/ssm/tests/pool_sharding_test.c b/src/lib/ssm/tests/pool_sharding_test.c
index 4ecd2b9c..c53105e3 100644
--- a/src/lib/ssm/tests/pool_sharding_test.c
+++ b/src/lib/ssm/tests/pool_sharding_test.c
@@ -242,6 +242,8 @@ static int test_fallback_stealing(void)
         ptrs = malloc(total_blocks * sizeof(uint8_t *));
         if (spbs == NULL || ptrs == NULL) {
                 printf("Failed to allocate test arrays.\n");
+                free(spbs);
+                free(ptrs);
                 goto fail_pool;
         }
 
@@ -326,6 +328,9 @@ static int test_multiprocess_sharding(void)
 
         TEST_START();
 
+        for (i = 0; i < SSM_POOL_SHARDS; i++)
+                children[i] = -1;
+
         pool = ssm_pool_create(getuid(), getgid());
         if (pool == NULL) {
                 printf("Failed to create pool.\n");