Re: [PATCH] xfsdump: prevent use-after-free in fstab_commit()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Aug 29, 2024 at 12:59:25PM -0500, Bill O'Donnell wrote:
> Fix potential use-after-free of list pointer in fstab_commit().
> Use a copy of the pointer when calling invidx_commit().
> 
> Coverity CID 1498039.
> 
> Signed-off-by: Bill O'Donnell <bodonnel@xxxxxxxxxx>

NACK. Deeming this finding as a false positive.

> ---
>  invutil/fstab.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/invutil/fstab.c b/invutil/fstab.c
> index 88d849e..fe2b1f9 100644
> --- a/invutil/fstab.c
> +++ b/invutil/fstab.c
> @@ -66,6 +66,7 @@ fstab_commit(WINDOW *win, node_t *current, node_t *list)
>      data_t *d;
>      invt_fstab_t *fstabentry;
>      int fstabentry_idx;
> +    node_t *list_cpy = list;
>  
>      n = current;
>      if(n == NULL || n->data == NULL)
> @@ -77,8 +78,10 @@ fstab_commit(WINDOW *win, node_t *current, node_t *list)
>  
>      if(d->deleted == BOOL_TRUE && d->imported == BOOL_FALSE) {
>  	for(i = 0; i < d->nbr_children; i++) {
> -	    invidx_commit(win, d->children[i], list);
> +		list_cpy = list;
> +		invidx_commit(win, d->children[i], list_cpy);
>  	}
> +	free(list_cpy);
>  	mark_all_children_commited(current);
>  
>  	fstabentry_idx = (int)(((long)fstabentry - (long)fstab_file[fidx].mapaddr - sizeof(invt_counter_t)) / sizeof(invt_fstab_t));
> @@ -101,8 +104,10 @@ fstab_commit(WINDOW *win, node_t *current, node_t *list)
>  	invt_fstab_t *dest;
>  
>  	for(i = 0; i < d->nbr_children; i++) {
> -	    invidx_commit(win, d->children[i], list);
> +		list_cpy = list;
> +		invidx_commit(win, d->children[i], list_cpy);
>  	}
> +	free(list_cpy);
>  	mark_all_children_commited(current);
>  
>  	if(find_matching_fstab(0, fstabentry) >= 0) {
> -- 
> 2.46.0
> 





[Index of Archives]     [XFS Filesystem Development (older mail)]     [Linux Filesystem Development]     [Linux Audio Users]     [Yosemite Trails]     [Linux Kernel]     [Linux RAID]     [Linux SCSI]


  Powered by Linux