tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

hfs: fix potential use after free in hfs_correct_next_unused_CNID()

This code calls hfs_bnode_put(node) which drops the refcount and then
dreferences "node" on the next line. It's only safe to use "node"
when we're holding a reference so flip these two lines around.

Fixes: a06ec283e125 ("hfs: add logic of correcting a next unused CNID")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Viacheslav Dubeyko <slava@dubeyko.com>
Signed-off-by: Viacheslav Dubeyko <slava@dubeyko.com>
Link: https://lore.kernel.org/r/aN-Xw8KnbSnuIcLk@stanley.mountain
Signed-off-by: Viacheslav Dubeyko <slava@dubeyko.com>

authored by

Dan Carpenter and committed by
Viacheslav Dubeyko c105e76b 3a866087

+1 -1
+1 -1
fs/hfs/catalog.c
··· 322 322 } 323 323 } 324 324 325 + node_id = node->prev; 325 326 hfs_bnode_put(node); 326 327 327 - node_id = node->prev; 328 328 } while (node_id >= leaf_head); 329 329 330 330 return -ENOENT;