sergiotarxz/nuttx
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fs/rename: fix use after free issue about rename

Browse Source 
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
This commit is contained in:
dongjiuzhu1 2023-10-12 21:15:32 +08:00 committed by Xiang Xiao
parent 968e89303f
commit dcc006035d
1 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
fs/vfs/fs_rename.c
View File

@ -348,14 +348,6 @@ next_subdir:
{ {
FAR char *subdirname; FAR char *subdirname;
/* Free memory may be allocated in previous loop */
if (subdir != NULL)
{
lib_free(subdir);
subdir = NULL;
}
/* Yes.. In this case, the target of the rename must be a /* Yes.. In this case, the target of the rename must be a
* subdirectory of newinode, not the newinode itself. For * subdirectory of newinode, not the newinode itself. For
* example: mv b a/ must move b to a/b. * example: mv b a/ must move b to a/b.
@ -371,8 +363,19 @@ next_subdir:
} }
else else
{ {
/* Save subdir to free memory may be allocated in
* previous loop.
*/
FAR void *tmp = subdir;
ret = asprintf(&subdir, "%s/%s", newrelpath, ret = asprintf(&subdir, "%s/%s", newrelpath,
subdirname); subdirname);
if (tmp != NULL)
{
lib_free(tmp);
}
if (ret < 0) if (ret < 0)
{ {
subdir = NULL; subdir = NULL;