]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c2375e6)
double-free of inode on alloc_file() failure exit in create_write_pipe()
authorAl Viro <viro@zeniv.linux.org.uk>
Tue, 22 Apr 2008 23:51:27 +0000 (19:51 -0400)
committerGreg Kroah-Hartman <gregkh@suse.de>
Mon, 16 Jun 2008 20:19:49 +0000 (13:19 -0700)
upstream commit: ed1524371716466e9c762808b02601d0d0276a92

Duh...  Fortunately, the bug is quite recent (post-2.6.25) and, embarrassingly,
mine ;-/

http://bugzilla.kernel.org/show_bug.cgi?id=10878

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
fs/pipe.c patch | blob | blame | history

diff --git a/fs/pipe.c b/fs/pipe.c
index 8be381bbcb54ad4108ea3bf453b19afd702314b5..f73492b6817ea37d356b63f8bdfd81a960156ca7 100644 (file)
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -988,7 +988,10 @@ struct file *create_write_pipe(void)
        return f;
 
  err_dentry:
+       free_pipe_info(inode);
        dput(dentry);
+       return ERR_PTR(err);
+
  err_inode:
        free_pipe_info(inode);
        iput(inode);
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git