[U-Boot] Possible bug in UBIFS function ubifs_finddir
Rod Boyce
uboot at teamboyce.co.uk
Thu Jun 16 13:13:28 CEST 2011
All,
Hello again, it has been a while since I was here.
I am working on u-boot once again and think I may have found a bug in the
UBIFS sub-system.
The function is ubifs_finddir and the issue is that there seems to be a
free of a pointer in a structure that has already been freed. This is
causing the free function to rightly crash.
The code is in the error path of ubifs_finddir, at the end of the
function, line 363:

	if (file)
		free(file);
	if (dentry)
		free(dentry);
	if (dir)
		free(dir);

	if (file->private_data)
		kfree(file->private_data);
	file->private_data = NULL;
	file->f_pos = 2;

The issue is that we are freeing the file pointer at the top of this
block and then trying to free the private_data element after the base
pointer. I will fix and send a patch but before I do I just wanted to
make sure I was not missing the obvious.
Has this been discussed before and is there already a patch?
Regards,
Rod Boyce
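
The ordering problem described in the message above, shown as an added example that is not part of the original post and is not U-Boot code: members owned by a structure are released before the structure itself, and nothing reads the structure afterwards. The names file_stub, tracked_alloc, tracked_free, cleanup and error_path_demo are hypothetical, and the structure layout is an assumption limited to the two fields the post names.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the structure in the post; only the two fields it names (assumed layout). */
struct file_stub {
	void *private_data;
	long f_pos;
};

static int live_allocs; /* outstanding allocations, used as a leak check */

static void *tracked_alloc(size_t n)
{
	void *p = calloc(1, n);
	if (p)
		live_allocs++;
	return p;
}

static void tracked_free(void *p)
{
	if (p)
		live_allocs--;
	free(p); /* free(NULL) is a no-op, so callers need no NULL test */
}

/* Release what the structure owns first, then the structure itself. */
static void cleanup(struct file_stub *file, void *dentry, void *dir)
{
	if (file)
		tracked_free(file->private_data); /* member read while file is still valid */
	tracked_free(dentry);
	tracked_free(dir);
	tracked_free(file); /* last: nothing touches file after this line */
}

/* Allocate the objects the error path handles, release them, return allocations still live. */
int error_path_demo(int with_private)
{
	struct file_stub *file = tracked_alloc(sizeof(*file));
	void *dentry = tracked_alloc(16), *dir = tracked_alloc(16);
	if (file && with_private)
		file->private_data = tracked_alloc(32);
	cleanup(file, dentry, dir);
	return live_allocs;
}

int main(void) { printf("live after cleanup: %d\n", error_path_demo(1)); return 0; }
```

Building this with -fsanitize=address is a quick way to confirm that no freed memory is read or freed twice on this path.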