Fix: libfstree: double free in error path

If fstree_mknode fails, because the parent link count would overflow, the function fails and cleans up behind it. The problem arises because the function does this check *after* inserting the node in the parent node, so it is later free'd again, when destroying the rest of the tree. This patch moves the insertion after the check to mitigate the problem. Reported-by: Marvin Renich <mrvn@renich.org> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
author: David Oberhollenzer <david.oberhollenzer@sigma-star.at> 2022-07-08 16:49:36 +0200
committer: David Oberhollenzer <david.oberhollenzer@sigma-star.at> 2022-07-08 19:17:18 +0200
commit: fd0b2e7a242568f5b11f8a22ce0c3f639e6bbbfc (patch)
tree: 7d078e1f54ccaf6f68789d951c28922b9b85c03c /lib/fstree
parent: 5b960f8b3a1cb5216f76976298b036277815279b (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/fstree/mknode.c b/lib/fstree/mknode.c
index 7d6e315..11026f6 100644
--- a/lib/fstree/mknode.c
+++ b/lib/fstree/mknode.c
@@ -88,14 +88,13 @@ tree_node_t *fstree_mknode(tree_node_t *parent, const char *name,
 	}
 
 	if (parent != NULL) {
-		fstree_insert_sorted(parent, n);
-
 		if (parent->link_count == 0x0FFFF) {
 			free(n);
 			errno = EMLINK;
 			return NULL;
 		}
 
+		fstree_insert_sorted(parent, n);
 		parent->link_count++;
 	}
author	David Oberhollenzer <david.oberhollenzer@sigma-star.at>	2022-07-08 16:49:36 +0200
committer	David Oberhollenzer <david.oberhollenzer@sigma-star.at>	2022-07-08 19:17:18 +0200
commit	fd0b2e7a242568f5b11f8a22ce0c3f639e6bbbfc (patch)
tree	7d078e1f54ccaf6f68789d951c28922b9b85c03c /lib/fstree
parent	5b960f8b3a1cb5216f76976298b036277815279b (diff)