]> git.dujemihanovic.xyz Git - u-boot.git/commitdiff
CVE-2019-13105: ext4: fix double-free in ext4_cache_read
authorPaul Emge <paulemge@forallsecure.com>
Mon, 8 Jul 2019 23:37:04 +0000 (16:37 -0700)
committerTom Rini <trini@konsulko.com>
Thu, 18 Jul 2019 15:31:28 +0000 (11:31 -0400)
ext_cache_read doesn't null cache->buf, after freeing, which results
in a later function double-freeing it. This patch fixes
ext_cache_read to call ext_cache_fini instead of free.

Signed-off-by: Paul Emge <paulemge@forallsecure.com>
fs/ext4/ext4fs.c

index 26db677a1f172bde1f10ac5297bf7226b6f6ba15..85dc122f30033d36d1c5d0dd0b4a61486ca49bda 100644 (file)
@@ -286,7 +286,7 @@ int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size)
        if (!cache->buf)
                return 0;
        if (!ext4fs_devread(block, 0, size, cache->buf)) {
-               free(cache->buf);
+               ext_cache_fini(cache);
                return 0;
        }
        cache->block = block;