summaryrefslogtreecommitdiff
path: root/misc-utils/flash_unlock.c
diff options
context:
space:
mode:
authorYufen Yu <yuyufen@huawei.com>2019-01-24 17:06:29 +0800
committerDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2019-02-11 04:58:33 +0100
commitf18e9636a26f39f6595ed365d31c01e876235b63 (patch)
tree35aefdce08d3d2733664462a40bab701d20492ea /misc-utils/flash_unlock.c
parent4a5a10a3dfe13d3f546ee4acbe2a96054ae423f7 (diff)
mtd-utils: fixes double free in mkfs.ubifs
In inode_add_xattr(), it malloc a buffer for name, and then passes the bufffer ptr to add_xattr(). The ptr will be used to create a new idx_entry in add_to_index(). However, inode_add_xattr() will free the buffer before return. which can cause double free in write_index(): free(idx_ptr[i]->name) *** Error in `./mkfs.ubifs': double free or corruption (fasttop): 0x0000000000aae220 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x7cbac)[0x7f4881ff5bac] /lib64/libc.so.6(+0x87a59)[0x7f4882000a59] /lib64/libc.so.6(cfree+0x16e)[0x7f48820063be] ./mkfs.ubifs[0x402fbf] /lib64/libc.so.6(__libc_start_main+0xea)[0x7f4881f9988a] ./mkfs.ubifs[0x40356a] Signed-off-by: Yufen Yu <yuyufen@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'misc-utils/flash_unlock.c')
0 files changed, 0 insertions, 0 deletions