reiserfsprogs: fix use after free with fsck_progress

 fsck_progress uses fs to get the log file handle but fs is freed before
 fsck_progress is caleld when it's about to print the "finished" message.

 When glibc is run with:
 MALLOC_CHECK_=3
 MALLOC_PERTURB_=69

 as is the default on newer versions of openSUSE, it poisons freed memory
 to detect conditions like this. As a result, reiserfsck segfaults on these
 systems.

 This patch fixes fsck to close the file system after printing the completion
 message.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>

1 files changed, 5 insertions, 5 deletions

diff --git a/fsck/main.c b/fsck/main.c
index 06d7bd2..64f10f7 100644
--- a/fsck/main.c
+++ b/fsck/main.c
@@ -782,8 +782,8 @@ static int the_end (reiserfs_filsys_t * fs)
     fsck_progress ("Syncing..");
     fs->fs_dirt = 1;
     clean_after_dma_check(fs->fs_dev, &dma_info);
-    reiserfs_close (fs);
     fsck_progress ("finished\n");
+    reiserfs_close (fs);
 
     return ret;
 }
@@ -935,12 +935,12 @@ static void clean_attributes (reiserfs_filsys_t * fs) {
     do_clean_attributes (fs);
 
     clean_after_dma_check(fs->fs_dev, &dma_info);
-    reiserfs_close (fs);
-    close_rollback_file ();
 
     fsck_progress ("###########\n"
 		   "reiserfsck finished at %s"
 		   "###########\n", ctime (&t));
+    reiserfs_close (fs);
+    close_rollback_file ();
 
     exit (EXIT_FIXED);
 
@@ -1171,8 +1171,6 @@ static void check_fs (reiserfs_filsys_t * fs)
         
     id_map_free(proper_id_map (fs));
     clean_after_dma_check(fs->fs_dev, &dma_info);
-    reiserfs_close (fs);
-    close_rollback_file ();
     
     //clear_relocated_list();    
     
@@ -1181,6 +1179,8 @@ static void check_fs (reiserfs_filsys_t * fs)
 		   "reiserfsck finished at %s"
 		   "###########\n", ctime (&t));
 
+    reiserfs_close (fs);
+    close_rollback_file ();
     exit(retval);
 }