mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-27 12:57:53 +00:00
ubifs: fix possible dereference after free
[ Upstream commitd81efd6610
] 'old_idx' could be dereferenced after free via 'rb_link_node' function call. Fixes:b5fda08ef2
("ubifs: Fix memleak when insert_old_idx() failed") Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com> Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
9b4a8eac17
commit
d3d782b5a5
1 changed files with 1 additions and 0 deletions
|
@ -65,6 +65,7 @@ static void do_insert_old_idx(struct ubifs_info *c,
|
|||
else {
|
||||
ubifs_err(c, "old idx added twice!");
|
||||
kfree(old_idx);
|
||||
return;
|
||||
}
|
||||
}
|
||||
rb_link_node(&old_idx->rb, parent, p);
|
||||
|
|
Loading…
Reference in a new issue