You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by xi...@apache.org on 2023/10/25 17:04:29 UTC
[nuttx] branch master updated: fs/rename: fix use after free issue about rename
This is an automated email from the ASF dual-hosted git repository.
xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx.git
The following commit(s) were added to refs/heads/master by this push:
new dcc006035d fs/rename: fix use after free issue about rename
dcc006035d is described below
commit dcc006035da02efdb2278e46dd513ea8aa522ca8
Author: dongjiuzhu1 <do...@xiaomi.com>
AuthorDate: Thu Oct 12 21:15:32 2023 +0800
fs/rename: fix use after free issue about rename
Signed-off-by: dongjiuzhu1 <do...@xiaomi.com>
---
fs/vfs/fs_rename.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/fs/vfs/fs_rename.c b/fs/vfs/fs_rename.c
index dafc95af85..913fddfd06 100644
--- a/fs/vfs/fs_rename.c
+++ b/fs/vfs/fs_rename.c
@@ -348,14 +348,6 @@ next_subdir:
{
FAR char *subdirname;
- /* Free memory may be allocated in previous loop */
-
- if (subdir != NULL)
- {
- lib_free(subdir);
- subdir = NULL;
- }
-
/* Yes.. In this case, the target of the rename must be a
* subdirectory of newinode, not the newinode itself. For
* example: mv b a/ must move b to a/b.
@@ -371,8 +363,19 @@ next_subdir:
}
else
{
+ /* Save subdir to free memory may be allocated in
+ * previous loop.
+ */
+
+ FAR void *tmp = subdir;
+
ret = asprintf(&subdir, "%s/%s", newrelpath,
subdirname);
+ if (tmp != NULL)
+ {
+ lib_free(tmp);
+ }
+
if (ret < 0)
{
subdir = NULL;