Posted to commits@nuttx.apache.org by da...@apache.org on 2020/09/09 14:51:26 UTC

[incubator-nuttx] branch master updated: fs/vfs: reuse file_dup2 directly in file_dup to fix segfault issue

This is an automated email from the ASF dual-hosted git repository.

davids5 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx.git


The following commit(s) were added to refs/heads/master by this push:
     new bf06776  fs/vfs: reuse file_dup2 directly in file_dup to fix segfault issue
bf06776 is described below

commit bf06776f7cb2bcf74567f92de3e16c58c88cb92e
Author: liuhaitao <li...@xiaomi.com>
AuthorDate: Tue Sep 8 14:13:49 2020 +0800

    fs/vfs: reuse file_dup2 directly in file_dup to fix segfault issue
    
    Otherwise, closing the fd2 returned by dup() would cause a segmentation
    fault because of a null filep->f_priv access.
    
    Change-Id: I285c86f54bbb486d6c2c5aea53952f69083dca72
    Signed-off-by: liuhaitao <li...@xiaomi.com>
---
 fs/vfs/fs_dupfd.c | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/fs/vfs/fs_dupfd.c b/fs/vfs/fs_dupfd.c
index d8bd080..5364bde 100644
--- a/fs/vfs/fs_dupfd.c
+++ b/fs/vfs/fs_dupfd.c
@@ -50,13 +50,14 @@
  *   accepts a struct file instance instead of a file descriptor.
  *
  * Returned Value:
- *   Zero (OK) is returned on success; a negated errno value is returned on
- *   any failure.
+ *   The new file descriptor is returned on success; a negated errno value
+ *   is returned on any failure.
  *
  ****************************************************************************/
 
 int file_dup(FAR struct file *filep, int minfd)
 {
+  FAR struct file *filep2;
   int fd2;
   int ret;
 
@@ -67,21 +68,26 @@ int file_dup(FAR struct file *filep, int minfd)
       return -EBADF;
     }
 
-  /* Increment the reference count on the contained inode */
+  /* Then allocate a new file descriptor for the inode */
+
+  fd2 = files_allocate(NULL, 0, 0, minfd);
+  if (fd2 < 0)
+    {
+      return -EMFILE;
+    }
 
-  ret = inode_addref(filep->f_inode);
+  ret = fs_getfilep(fd2, &filep2);
   if (ret < 0)
     {
+      files_release(fd2);
       return ret;
     }
 
-  /* Then allocate a new file descriptor for the inode */
-
-  fd2 = files_allocate(filep->f_inode, filep->f_oflags, filep->f_pos, minfd);
-  if (fd2 < 0)
+  ret = file_dup2(filep, filep2);
+  if (ret < 0)
     {
-      inode_release(filep->f_inode);
-      return -EMFILE;
+      files_release(fd2);
+      return ret;
     }
 
   return fd2;
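Review bot: Between `files_allocate(NULL, 0, 0, minfd)` and the later `file_dup2(filep, filep2)` the new descriptor has no inode attached, and if the allocator treats a NULL `f_inode` as a free slot (its body is not visible here, so confirm this) another thread sharing the file list could be handed the same fd2 in that window. Two callers would then believe they own the same descriptor, so a later read, write or close could land on the wrong file. Consider holding the file-list lock across the allocate-and-dup sequence, and at minimum document the window with `/* fd2 has no inode until file_dup2() succeeds; the slot must not be reallocated in between */`. Separately, a `files_allocate` failure is still collapsed to `-EMFILE` instead of returning `fd2`, which hides the real errno. file_dup's signature and opening lines are in the previous hunk, and its closing brace is outside this one.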
@@ -95,8 +101,8 @@ int file_dup(FAR struct file *filep, int minfd)
  *   value greater than or equal to 'minfd').
  *
  * Returned Value:
- *   Zero (OK) is returned on success; a negated errno value is returned on
- *   any failure.
+ *   The new file descriptor is returned on success; a negated errno value
+ *   is returned on any failure.
  *
  ****************************************************************************/