Commit d81efd66 authored by Konstantin Meskhidze's avatar Konstantin Meskhidze Committed by Richard Weinberger

ubifs: fix possible dereference after free

'old_idx' could be dereferenced after free via 'rb_link_node' function
call.

Fixes: b5fda08e ("ubifs: Fix memleak when insert_old_idx() failed")
Co-developed-by: default avatarIvanov Mikhail <ivanov.mikhail1@huawei-partners.com>
Signed-off-by: default avatarKonstantin Meskhidze <konstantin.meskhidze@huawei.com>
Reviewed-by: default avatarZhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
parent ac085cfe
...@@ -65,6 +65,7 @@ static void do_insert_old_idx(struct ubifs_info *c, ...@@ -65,6 +65,7 @@ static void do_insert_old_idx(struct ubifs_info *c,
else { else {
ubifs_err(c, "old idx added twice!"); ubifs_err(c, "old idx added twice!");
kfree(old_idx); kfree(old_idx);
return;
} }
} }
rb_link_node(&old_idx->rb, parent, p); rb_link_node(&old_idx->rb, parent, p);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment