Global superblock pointer 'ubifs_sb' and volume pointer 'ubi' of type
struct ubi_volume_desc in private member sb->s_fs_info of type struct
ubifs_info, can be allocated and freed at runtime, and allocated and
freed again, depending which console or script commands are run. In
some cases ubifs_sb is even tested to determine if the filesystem is
mounted. Reset those pointers to NULL after free to clearly mark them
as not valid. This avoids potential double free on invalid pointers.
(The ubifs_sb pointer was already reset, but that statement was moved
now to directly after the free() to make it easier to understand.)
Signed-off-by: Alexander Dahl <ada@thorsis.com>
ubifs_debugging_exit(c);
#ifdef __UBOOT__
ubi_close_volume(c->ubi);
+ c->ubi = NULL;
mutex_unlock(&c->umount_mutex);
/* Finally free U-Boot's global copy of superblock */
if (ubifs_sb != NULL) {
free(ubifs_sb->s_fs_info);
free(ubifs_sb);
+ ubifs_sb = NULL;
}
#endif
}
#ifndef __UBOOT__
bdi_destroy(&c->bdi);
ubi_close_volume(c->ubi);
+ c->ubi = NULL;
mutex_unlock(&c->umount_mutex);
#endif
}
out_close:
#endif
ubi_close_volume(c->ubi);
+ c->ubi = NULL;
out:
return err;
}
printf("Unmounting UBIFS volume %s!\n",
((struct ubifs_info *)(ubifs_sb->s_fs_info))->vi.name);
ubifs_umount(ubifs_sb->s_fs_info);
- ubifs_sb = NULL;
}
}
projects / u-boot.git / commitdiff
