Commit 6e5a79de authored by Paul Emge's avatar Paul Emge Committed by Tom Rini
Browse files

CVE-2019-13105: ext4: fix double-free in ext4_cache_read



ext_cache_read doesn't null cache->buf, after freeing, which results
in a later function double-freeing it. This patch fixes
ext_cache_read to call ext_cache_fini instead of free.
Signed-off-by: default avatarPaul Emge <paulemge@forallsecure.com>
parent 232e2f4f
...@@ -286,7 +286,7 @@ int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size) ...@@ -286,7 +286,7 @@ int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size)
if (!cache->buf) if (!cache->buf)
return 0; return 0;
if (!ext4fs_devread(block, 0, size, cache->buf)) { if (!ext4fs_devread(block, 0, size, cache->buf)) {
free(cache->buf); ext_cache_fini(cache);
return 0; return 0;
} }
cache->block = block; cache->block = block;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment