| author | Namjae Jeon <[email protected]> | 2025-04-01 04:50:39 +0000 |
|---|---|---|
| committer | Namjae Jeon <[email protected]> | 2025-05-26 11:25:23 +0000 |
| commit | 1f3d9724e16d62c7d42c67d6613b8512f2887c22 (patch) | |
| tree | 7c02a7f7436685110d384fcaedc6a22988bdac75 | |
| parent | Linux 6.15 (diff) | |
| download | kernel-1f3d9724e16d62c7d42c67d6613b8512f2887c22.tar.gz kernel-1f3d9724e16d62c7d42c67d6613b8512f2887c22.zip | |
exfat: fix double free in delayed_free
The double free could happen in the following path.
exfat_create_upcase_table()
exfat_create_upcase_table() : return error
exfat_free_upcase_table() : free ->vol_utbl
exfat_load_default_upcase_table : return error
exfat_kill_sb()
delayed_free()
exfat_free_upcase_table() <--------- double free
This patch sets ->vol_util as NULL after freeing it.
Reported-by: Jianzhou Zhao <[email protected]>
Signed-off-by: Namjae Jeon <[email protected]>
| -rw-r--r-- | fs/exfat/nls.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/exfat/nls.c b/fs/exfat/nls.c index d47896a89596..1729bf42eb51 100644 --- a/fs/exfat/nls.c +++ b/fs/exfat/nls.c @@ -801,4 +801,5 @@ load_default: void exfat_free_upcase_table(struct exfat_sb_info *sbi) { kvfree(sbi->vol_utbl); + sbi->vol_utbl = NULL; } |
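Review bot: the commit message names the field "->vol_util", but the line added in exfat_free_upcase_table() clears sbi->vol_utbl, so the message should use the same spelling as the code to stay searchable. The call path in the message also lists exfat_create_upcase_table() as both the caller and its first callee, which makes the failing step hard to identify; naming the function that actually returns the error would help. The trailers carry only Reported-by and Signed-off-by; for a double free reachable through exfat_kill_sb() -> delayed_free(), a Fixes: tag pointing at the commit that introduced the second free would let the fix be backported. The change itself is sound as placed: kvfree() accepts NULL, so resetting the pointer inside the free helper makes every repeated call a no-op rather than relying on each caller to clear it.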
