OrgACRN
/
acrn-kernel
mirror of https://github.com/projectacrn/acrn-kernel.git
1
0
Fork 0
Code Issues Releases Wiki Activity

ubifs: fix possible dereference after free 

[ Upstream commit d81efd66106c03771ffc8637855a6ec24caa6350 ]

'old_idx' could be dereferenced after free via 'rb_link_node' function
call.

Fixes: b5fda08ef2 ("ubifs: Fix memleak when insert_old_idx() failed")
Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com>
Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Konstantin Meskhidze 2023-09-05 18:12:22 +08:00 committed by Greg Kroah-Hartman
parent 3c42cc437d
commit 1c250f2c5f
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
fs/ubifs/tnc.c
View File

@ -65,6 +65,7 @@ static void do_insert_old_idx(struct ubifs_info *c,
else {
ubifs_err(c, "old idx added twice!");
kfree(old_idx);
return;
}
}
rb_link_node(&old_idx->rb, parent, p);