Skip to content

Commit

Permalink
CVE-2019-13105: ext4: fix double-free in ext4_cache_read
Browse files Browse the repository at this point in the history 
ext_cache_read doesn't null cache->buf, after freeing, which results
in a later function double-freeing it. This patch fixes
ext_cache_read to call ext_cache_fini instead of free.

Signed-off-by: Paul Emge <[email protected]>
  • Loading branch information
@trini
Paul Emge authored and trini committed Jul 18, 2019
1 parent 232e2f4 commit 6e5a79d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion fs/ext4/ext4fs.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -286,7 +286,7 @@ int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size)
if (!cache->buf)
return 0;
if (!ext4fs_devread(block, 0, size, cache->buf)) {
free(cache->buf);
ext_cache_fini(cache);
return 0;
}
cache->block = block;
Expand Down

0 comments on commit 6e5a79d

Please sign in to comment.