From: Paul Emge Date: Mon, 8 Jul 2019 23:37:04 +0000 (-0700) Subject: CVE-2019-13105: ext4: fix double-free in ext4_cache_read X-Git-Url: http://git.dujemihanovic.xyz/?a=commitdiff_plain;h=6e5a79de658cb1c8012c86e0837379aa6eabd024;p=u-boot.git CVE-2019-13105: ext4: fix double-free in ext4_cache_read ext_cache_read doesn't null cache->buf, after freeing, which results in a later function double-freeing it. This patch fixes ext_cache_read to call ext_cache_fini instead of free. Signed-off-by: Paul Emge --- diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c index 26db677a1f..85dc122f30 100644 --- a/fs/ext4/ext4fs.c +++ b/fs/ext4/ext4fs.c @@ -286,7 +286,7 @@ int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size) if (!cache->buf) return 0; if (!ext4fs_devread(block, 0, size, cache->buf)) { - free(cache->buf); + ext_cache_fini(cache); return 0; } cache->block = block;