projects
/
u-boot.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
232e2f4
)
CVE-2019-13105: ext4: fix double-free in ext4_cache_read
author
Paul Emge
<paulemge@forallsecure.com>
Mon, 8 Jul 2019 23:37:04 +0000
(16:37 -0700)
committer
Tom Rini
<trini@konsulko.com>
Thu, 18 Jul 2019 15:31:28 +0000
(11:31 -0400)
ext_cache_read doesn't null cache->buf, after freeing, which results
in a later function double-freeing it. This patch fixes
ext_cache_read to call ext_cache_fini instead of free.
Signed-off-by: Paul Emge <paulemge@forallsecure.com>
fs/ext4/ext4fs.c
patch
|
blob
|
history
diff --git
a/fs/ext4/ext4fs.c
b/fs/ext4/ext4fs.c
index 26db677a1f172bde1f10ac5297bf7226b6f6ba15..85dc122f30033d36d1c5d0dd0b4a61486ca49bda 100644
(file)
--- a/
fs/ext4/ext4fs.c
+++ b/
fs/ext4/ext4fs.c
@@
-286,7
+286,7
@@
int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size)
if (!cache->buf)
return 0;
if (!ext4fs_devread(block, 0, size, cache->buf)) {
-
free(cache->buf
);
+
ext_cache_fini(cache
);
return 0;
}
cache->block = block;