|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH v2] Mini-OS: fix 9pfs frontend error path
Juergen Gross, le mar. 06 févr. 2024 20:11:25 +0100, a ecrit:
> The early error exit in p9_stat() returns without zeroing the p9_stat
> buffer, resulting in free() being called with an uninitialized pointer.
>
> Fix that by calling free_stat() in p9_stat() in case of returning an
> error and potentially having allocated strings.
>
> Reported-by: Julien Grall <julien@xxxxxxx>
> Fixes: 2d1dfccd3aa3 ("Mini-OS: add read and write support to 9pfsfront")
> Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
Reviewed-by: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>
Thanks!
> ---
> V2:
> - call free_stat() in p9_stat() in case of returning an error
> (Samuel Thibault)
> ---
> 9pfront.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/9pfront.c b/9pfront.c
> index 315089bc..042879a7 100644
> --- a/9pfront.c
> +++ b/9pfront.c
> @@ -728,6 +728,8 @@ static int p9_stat(struct dev_9pfs *dev, uint32_t fid,
> struct p9_stat *stat)
> &stat->extension, &stat->n_uid, &stat->n_gid, &stat->n_muid);
>
> ret = req->result;
> + if ( ret )
> + free_stat(&stat);
>
> put_free_req(dev, req);
>
> @@ -932,13 +934,13 @@ static int write_9pfs(struct file *file, const void
> *buf, size_t nbytes)
> if ( f9pfs->append )
> {
> ret = p9_stat(f9pfs->dev, f9pfs->fid, &stat);
> - free_stat(&stat);
> if ( ret )
> {
> errno = EIO;
> return -1;
> }
> file->offset = stat.length;
> + free_stat(&stat);
> }
>
> ret = p9_write(f9pfs->dev, f9pfs->fid, file->offset, buf, nbytes);
> --
> 2.35.3
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |