[PATCH v2] erofs-utils: sbi->devs should be cleared after freed
Jingbo Xu
jefflexu at linux.alibaba.com
Mon Aug 21 21:20:00 AEST 2023
On 8/21/23 5:39 PM, Gao Xiang wrote:
> Otherwise, it could cause double-free if sbi reuses
> when fuzzing [1].
>
> [1] https://github.com/erofs/erofsnightly/actions/runs/5921003885/job/16053013007
> Signed-off-by: Gao Xiang <hsiangkao at linux.alibaba.com>
LGTM.
Reviewed-by: Jingbo Xu <jefflexu at linux.alibaba.com>
> ---
> changes since v1:
> - add a missing sbi->devs = NULL in erofs_init_devices().
>
> lib/super.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/lib/super.c b/lib/super.c
> index 58e2574..38caf4d 100644
> --- a/lib/super.c
> +++ b/lib/super.c
> @@ -53,6 +53,7 @@ static int erofs_init_devices(struct erofs_sb_info *sbi,
> ret = dev_read(sbi, 0, &dis, pos, sizeof(dis));
> if (ret < 0) {
> free(sbi->devs);
> + sbi->devs = NULL;
> return ret;
> }
>
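Review bot: The reset is right for the `dev_read()` failure path, but this hunk only covers that one `return ret`; any other early return in `erofs_init_devices()` that frees `sbi->devs` (the diff context starts at `ret = dev_read(...)` and does not show the rest of the function) needs the same `sbi->devs = NULL;` immediately after its `free()`, otherwise the stale pointer that caused the double-free in [1] survives on that path. Since the v1 note says exactly this site was missed the first time, it is worth auditing the whole function once rather than patching returns one at a time.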
> @@ -123,14 +124,18 @@ int erofs_read_superblock(struct erofs_sb_info *sbi)
> return ret;
>
> ret = erofs_xattr_prefixes_init(sbi);
> - if (ret)
> + if (ret && sbi->devs) {
> free(sbi->devs);
> + sbi->devs = NULL;
> + }
> return ret;
> }
>
> void erofs_put_super(struct erofs_sb_info *sbi)
> {
> - if (sbi->devs)
> + if (sbi->devs) {
> free(sbi->devs);
> + sbi->devs = NULL;
> + }
> erofs_xattr_prefixes_cleanup(sbi);
> }
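Review bot: The same `free(sbi->devs); sbi->devs = NULL;` pair now appears three times (here in `erofs_read_superblock()` and `erofs_put_super()`, and once in `erofs_init_devices()`), and the v1 miss shows how easy it is to drop the reset at one site. A tiny helper, e.g. `static void erofs_free_devices(struct erofs_sb_info *sbi) { free(sbi->devs); sbi->devs = NULL; }`, would make the reset impossible to forget on future error paths. Also, the new `ret && sbi->devs` guard in `erofs_read_superblock()` is harmless but not required: `free(NULL)` is a no-op, and since `erofs_init_devices()` now leaves `sbi->devs` NULL on its own failure, the guard only saves a no-op call. Keeping the guard is fine as long as the reset is the part that is never dropped.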
--
Thanks,
Jingbo