Skip to content

Commit d81efd6

Browse files
BoardzMasterrichardweinberger
authored andcommitted
ubifs: fix possible dereference after free
'old_idx' could be dereferenced after free via 'rb_link_node' function call. Fixes: b5fda08 ("ubifs: Fix memleak when insert_old_idx() failed") Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com> Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: Richard Weinberger <richard@nod.at>
1 parent ac085cf commit d81efd6

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

fs/ubifs/tnc.c

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -65,6 +65,7 @@ static void do_insert_old_idx(struct ubifs_info *c,
6565
else {
6666
ubifs_err(c, "old idx added twice!");
6767
kfree(old_idx);
68+
return;
6869
}
6970
}
7071
rb_link_node(&old_idx->rb, parent, p);

0 commit comments

Comments
 (0)