Re: [PATCH v4] name-hash: don't reuse cache_entry in dir_entry

David Turner <dturner@xxxxxxxxxxxxxxxx> writes:

> Stop reusing cache_entry in dir_entry; doing so causes a
> use-after-free bug.
>
> During merges, we free entries that we no longer need in the
> destination index.  But those entries might have also been stored in
> the dir_entry cache, and when a later call to add_to_index found them,
> they would be used after being freed.
>
> To prevent this, change dir_entry to store a copy of the name instead
> of a pointer to a cache_entry.  This entails some refactoring of code
> that expects the cache_entry.
>
> Keith McGuigan <kmcguigan@xxxxxxxxxxx> diagnosed this bug and wrote
> the initial patch, but this version does not use any of Keith's code.
>
> Helped-by: Keith McGuigan <kmcguigan@xxxxxxxxxxx>
> Helped-by: Junio C Hamano <gitster@xxxxxxxxx>
> Signed-off-by: David Turner <dturner@xxxxxxxxxxxxxxxx>
> ---

The patch looks good to me.  Will replace the ce-refcnt one with
this.

Thanks for following it through.
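
The ownership change described in the quoted commit message, as an added example that is not the patch's code or git's own: the struct layouts, helper names and sample paths below are simplified assumptions. The directory cache keeps its own copy of the name, so freeing the index entry cannot leave it with a dangling pointer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for git's structures (assumed layout, not git's code). */
struct cache_entry { unsigned int namelen; char name[]; };

/* "Before" shape: the directory cache borrows a pointer it does not own.
   Once a merge frees *ce, any later lookup through it reads freed memory. */
struct dir_entry_borrowed { struct cache_entry *ce; };

/* "After" shape: the directory cache owns a private copy of the name. */
struct dir_entry { unsigned int namelen; char name[]; };

static struct cache_entry *make_cache_entry(const char *path)
{
    size_t len = strlen(path);
    struct cache_entry *ce = malloc(sizeof(*ce) + len + 1);
    if (!ce) return NULL;
    ce->namelen = (unsigned int)len;
    memcpy(ce->name, path, len + 1);
    return ce;
}

/* Copy the leading dirlen bytes of ce->name; no pointer to ce is retained. */
static struct dir_entry *make_dir_entry(const struct cache_entry *ce, size_t dirlen)
{
    struct dir_entry *dir;
    if (!ce || dirlen > ce->namelen) return NULL;
    dir = calloc(1, sizeof(*dir) + dirlen + 1);  /* zeroed, so name stays NUL-terminated */
    if (!dir) return NULL;
    dir->namelen = (unsigned int)dirlen;
    memcpy(dir->name, ce->name, dirlen);
    return dir;
}

static int dir_entry_matches(const struct dir_entry *dir, const char *name, size_t len)
{
    return dir && dir->namelen == len && !memcmp(dir->name, name, len);
}

/* Constructed scenario: the index entry is freed, then the dir cache is consulted. */
static int lookup_after_free(const char *path, size_t dirlen, const char *want)
{
    struct cache_entry *ce = make_cache_entry(path);
    struct dir_entry *dir = make_dir_entry(ce, dirlen);
    int hit;
    free(ce);  /* what the merge does to entries it no longer needs */
    hit = dir_entry_matches(dir, want, strlen(want));
    free(dir);
    return hit;
}

int main(void) { printf("%d\n", lookup_after_free("src/lib/file.c", 7, "src/lib")); return 0; }
```

Building this with `-fsanitize=address` reports nothing, whereas the same lookup routed through `dir_entry_borrowed` after the `free(ce)` would be flagged as a heap use-after-free.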