Message ID | 20190124090629.134985-1-yuyufen@huawei.com |
---|---|
State | Accepted |
Delegated to: | David Oberhollenzer |
Headers | show |
Series | mtd-utils: fixes double free in mkfs.ubifs | expand |
Applied to mtd-utils.git master Sorry for the delay, I was looking into this in a bit more detail and also waiting for some feedback on a related bug report. Unfortunately some of the newer code (encryption support) assumes the current behaviour and allocates the attribute name, so this patch will cause it to leak memory, which is IMO still less of a problem than mkfs.ubifs failing entirely with a double free error message, so I applied it for now. Thanks, David
======= Backtrace: ========= /lib64/libc.so.6(+0x7cbac)[0x7f4881ff5bac] /lib64/libc.so.6(+0x87a59)[0x7f4882000a59] /lib64/libc.so.6(cfree+0x16e)[0x7f48820063be] ./mkfs.ubifs[0x402fbf] /lib64/libc.so.6(__libc_start_main+0xea)[0x7f4881f9988a] ./mkfs.ubifs[0x40356a] Signed-off-by: Yufen Yu <yuyufen@huawei.com> --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 6e11ec8..e0c42f3 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -1163,8 +1163,9 @@ static int add_xattr(struct ubifs_ino_node *host_ino, struct stat *st, union ubifs_key xkey, nkey; int len, ret; - nm.name = name; nm.len = strlen(name); + nm.name = xmalloc(nm.len + 1); + memcpy(nm.name, name, nm.len + 1); host_ino->xattr_cnt++; host_ino->xattr_size += CALC_DENT_SIZE(nm.len);