diff options
| author | Namjae Jeon <linkinjeon@kernel.org> | 2025-04-01 13:50:39 +0900 |
|---|---|---|
| committer | Namjae Jeon <linkinjeon@kernel.org> | 2025-05-26 20:25:23 +0900 |
| commit | 1f3d9724e16d62c7d42c67d6613b8512f2887c22 (patch) | |
| tree | 7c02a7f7436685110d384fcaedc6a22988bdac75 | |
| parent | 0ff41df1cb268fc69e703a08a57ee14ae967d0ca (diff) | |
exfat: fix double free in delayed_free
The double free could happen in the following path.
exfat_create_upcase_table()
exfat_create_upcase_table() : return error
exfat_free_upcase_table() : free ->vol_utbl
exfat_load_default_upcase_table : return error
exfat_kill_sb()
delayed_free()
exfat_free_upcase_table() <--------- double free
This patch set ->vol_util as NULL after freeing it.
Reported-by: Jianzhou Zhao <xnxc22xnxc22@qq.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
| -rw-r--r-- | fs/exfat/nls.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/exfat/nls.c b/fs/exfat/nls.c index d47896a89596..1729bf42eb51 100644 --- a/fs/exfat/nls.c +++ b/fs/exfat/nls.c @@ -801,4 +801,5 @@ load_default: void exfat_free_upcase_table(struct exfat_sb_info *sbi) { kvfree(sbi->vol_utbl); + sbi->vol_utbl = NULL; } |