This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 closedir() calls _cleanupdir() on a pointer to DIR after a free(). If HAVE_DD_LOCK is defined, it also dereferences the pointer when calling __lock_release_recursive() and __lock_close_recursive(). This was creating problems in my target. Moreover, the previous code would not deallocate the struct if dirp->dd_fd is -1. Attached is a simple patch to fix the issue. 2013-11-13 Terraneo Federico <fede.tft@hotmail.it> * libc/posix/closedir.c: Fix use after free and memory leak if dirp->dd_fd is -1 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSg2D6AAoJECkLFtN5Xr9fp40H/R2T4R3IYV66wqmmM3FskO0U 4iyWdjzPusRh4lGbTwWGuYa5aNbG/9FP+k64/sRSAWnKtvLJNjlUR2QsGIE592Zq MYHshpcpEL5h6TwkHS5hBkzdQs0MqbnLBZFUHAS9AGa0k6RpW9sGeAHbv0CqYFUe /ur3a+KoslSMNpmFLEGI+dSU8It5Gm/6SCPaz7DYhjgd4xg2nrI3hbrfCDcAzCY0 yWl8AfTDSfZFrfkHHjCQzmyHaIKYRAQaCwndEJO1ZUR1Hb+vl+ft6fTWtA/ugifj MOB4+ruHDIaata9p0E4shh9en5cp/WeL0X/ykk1svdOQq4xYVyd9uxQ5eoPXB4Y= =7xET -----END PGP SIGNATURE-----
diff -ruN newlib-old/newlib/libc/posix/closedir.c newlib/newlib/libc/posix/closedir.c --- newlib-old/newlib/libc/posix/closedir.c 2003-06-06 21:57:51.000000000 +0200 +++ newlib/newlib/libc/posix/closedir.c 2013-11-13 09:41:46.776079589 +0100 @@ -63,7 +63,6 @@ dirp->dd_fd = -1; dirp->dd_loc = 0; (void)free((void *)dirp->dd_buf); - (void)free((void *)dirp); rc = close(fd); _cleanupdir(dirp); } @@ -71,6 +70,7 @@ __lock_release_recursive(dirp->dd_lock); __lock_close_recursive(dirp->dd_lock); #endif + (void)free((void *)dirp); return rc; }
Attachment:
closedir.patch.sig
Description: Binary data
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |