author | Gao Xiang <hsiangkao@linux.alibaba.com> | 2023-08-21 17:39:29 +0800 |
---|---|---|
committer | Gao Xiang <hsiangkao@linux.alibaba.com> | 2023-08-21 23:14:59 +0800 |
commit | 88a43ec74514b311773c3a0824e0344c2687c593 (patch) | |
tree | 1a678b4fada89bee9e9142c881ff5b2c7046a2d2 | |
parent | 0111d59cfcaeea694371d5489ce2a8f0ab942381 (diff) | |
download | erofs-utils-88a43ec74514b311773c3a0824e0344c2687c593.tar.gz |
erofs-utils: sbi->devs should be cleared after freed
Otherwise, it could cause a double free if sbi is reused
when fuzzing [1].
[1] https://github.com/erofs/erofsnightly/actions/runs/5921003885/job/16053013007
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Reviewed-by: Jingbo Xu <jefflexu@linux.alibaba.com>
Link: https://lore.kernel.org/r/20230821093929.17146-1-hsiangkao@linux.alibaba.com
-rw-r--r-- | lib/super.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/super.c b/lib/super.c
index 21dc51f..373354a 100644
--- a/lib/super.c
+++ b/lib/super.c
@@ -57,6 +57,7 @@ static int erofs_init_devices(struct erofs_sb_info *sbi,
 ret = dev_read(sbi, 0, &dis, pos, sizeof(dis));
 if (ret < 0) {
 free(sbi->devs);
+ sbi->devs = NULL;
 return ret;
 }
@@ -126,14 +127,18 @@ int erofs_read_superblock(struct erofs_sb_info *sbi)
 return ret;
 ret = erofs_xattr_prefixes_init(sbi);
- if (ret)
+ if (ret && sbi->devs) {
 free(sbi->devs);
+ sbi->devs = NULL;
+ }
 return ret;
 }
 void erofs_put_super(struct erofs_sb_info *sbi)
 {
- if (sbi->devs)
+ if (sbi->devs) {
 free(sbi->devs);
+ sbi->devs = NULL;
+ }
 erofs_xattr_prefixes_cleanup(sbi);
 }
|
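Review bot: In the `dev_read()` failure branch of erofs_init_devices, `sbi->devs` is now cleared, but nothing visible in this hunk resets the device count that goes with the array, so a reused sbi could be left holding a NULL array with a non-zero count. The start of the function and the rest of the loop are outside the hunk, so the count may well be assigned only after the loop succeeds; that should be confirmed. If it is set earlier, zero it next to the new line. A short comment such as `/* sbi may be reused: leave no dangling devs pointer */` above the assignment would record why it is there.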
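Review bot: The pair `free(sbi->devs); sbi->devs = NULL;` is now written out three times (in erofs_read_superblock and erofs_put_super here, and in erofs_init_devices in the first hunk), so the next free site that omits the second statement brings the double free back. Because `free(NULL)` is a no-op, the `sbi->devs` tests in `if (ret && sbi->devs) {` and `if (sbi->devs) {` are not needed. A small static helper whose body is just those two statements could replace all three sites and keep the invariant in one place. erofs_read_superblock begins outside the hunk, so its earlier error returns are not visible here and should be checked for the same cleanup.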