[PATCH 1/1] fs/affs/super.c: bugfix / double free
From: Fabian Frederick
Date: Sun May 04 2014 - 02:36:20 EST
842a859db26b70
("affs: use ->kill_sb() to simplify ->put_super() and failure exits of ->mount()")
adds .kill_sb which frees sbi but doesn't remove sbi free in case of parse_options
error causing double free+random crash.
Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Fabian Frederick <fabf@xxxxxxxxx>
---
fs/affs/super.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/affs/super.c b/fs/affs/super.c
index 6d589f2..895ac7d 100644
--- a/fs/affs/super.c
+++ b/fs/affs/super.c
@@ -340,8 +340,6 @@ static int affs_fill_super(struct super_block *sb, void *data, int silent)
&blocksize,&sbi->s_prefix,
sbi->s_volume, &mount_flags)) {
printk(KERN_ERR "AFFS: Error parsing options\n");
- kfree(sbi->s_prefix);
- kfree(sbi);
return -EINVAL;
}
/* N.B. after this point s_prefix must be released */
--
1.8.4.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/