LinuxLists.cc - [2.5] double free in ext2?

2003-03-07 09:56:22

Subject: [2.5] double free in ext2?

Hello!

I am playing with smatch and while testing my improved version of
unfree.pl, I seems to have found a double free condition in ext2:

fs/ext2/super.c::ext2_fill_super() (I am looking at yesterday's 2.5 snapshot)

in line 784 we do kfree(sbi->s_group_desc); (then print "EXT2-fs: unable to read group descriptors\n")
and go to failed_mount_group_desc, which reads (from line 821):
failed_mount_group_desc:
kfree(sbi->s_group_desc);

2.4 is not affected.

Bye,
Oleg

2003-03-07 10:01:06

by Andrew Morton

[permalink] [raw]

Subject: Re: [2.5] double free in ext2?

Oleg Drokin <[email protected]> wrote:
>
> Hello!
>
> I am playing with smatch and while testing my improved version of
> unfree.pl, I seems to have found a double free condition in ext2:
>
> fs/ext2/super.c::ext2_fill_super() (I am looking at yesterday's 2.5 snapshot)
>
> in line 784 we do kfree(sbi->s_group_desc); (then print "EXT2-fs: unable to read group descriptors\n")
> and go to failed_mount_group_desc, which reads (from line 821):
> failed_mount_group_desc:
> kfree(sbi->s_group_desc);
>

yes, bug. Thanks.