pkarashchenko opened a new issue, #9575: URL: https://github.com/apache/nuttx/issues/9575
I've noticed that `fs_getfilep()` returns the pointer from `list->fl_files`. The returned pointer is used further and passed to other APIs. The `list->fl_files` access is protected by `list->fl_lock`, but after `fs_getfilep()` returns, the `list->fl_lock` is released.

On the other hand, `files_extend()` contains the call `tmp = kmm_realloc(list->fl_files, sizeof(FAR struct file *) * row);`, which can potentially move all the list entries to a new memory location.

So if one thread is interrupted after `fs_getfilep()` returns and another thread leads to a `files_extend()` call, the first thread will potentially access already freed memory (maybe even allocated and used by another user), so it potentially can cause memory corruption.
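The sequence in the report, replayed on a constructed model so the safe alternative can be checked. This is added example code, not NuttX code: `struct filelist`, `files_extend()`, `file_with_locked()`, `set_oflags()` and `demo_sequence()` are hypothetical stand-ins, and the model keeps the entries in one flat array that `realloc()` may move, as the issue describes. The point it shows is the mitigation: instead of handing a raw pointer out of the critical section, the caller's work runs as a callback while `fl_lock` is held, so the entry is re-resolved by descriptor on every use.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model (not NuttX code) of a per-task file list: a flat array of
 * entries that realloc() may move, guarded by fl_lock. */
struct file { int f_oflags; };
struct filelist { pthread_mutex_t fl_lock; int fl_count; struct file *fl_files; };
/* Grow the table. Any raw pointer into the old fl_files is stale afterwards. */
static int files_extend(struct filelist *list, int count)
{
  pthread_mutex_lock(&list->fl_lock);
  struct file *tmp = realloc(list->fl_files, sizeof(*tmp) * (size_t)count);
  if (tmp == NULL) { pthread_mutex_unlock(&list->fl_lock); return -1; }
  memset(tmp + list->fl_count, 0, sizeof(*tmp) * (size_t)(count - list->fl_count));
  list->fl_files = tmp;
  list->fl_count = count;
  pthread_mutex_unlock(&list->fl_lock);
  return 0;
}

/* Safer accessor: no raw pointer escapes the critical section. The work runs as
 * a callback with fl_lock held, so the entry cannot move or be freed meanwhile. */
static int file_with_locked(struct filelist *list, int fd,
                            int (*fn)(struct file *filep, void *arg), void *arg)
{
  int ret = -1;
  pthread_mutex_lock(&list->fl_lock);
  if (fd >= 0 && fd < list->fl_count) ret = fn(&list->fl_files[fd], arg);
  pthread_mutex_unlock(&list->fl_lock);
  return ret;
}

/* Example callback: store new open flags and return the previous value. */
static int set_oflags(struct file *filep, void *arg)
{ int old = filep->f_oflags; filep->f_oflags = *(int *)arg; return old; }

/* Single-threaded replay of the issue's sequence: use fd 2, grow the table (which
 * may move fl_files), use fd 2 again. Returns the flags the second use observes. */
static int demo_sequence(void)
{
  struct filelist list = { PTHREAD_MUTEX_INITIALIZER, 0, NULL };
  int flags = 3, old;
  if (files_extend(&list, 4) != 0) return -1;
  file_with_locked(&list, 2, set_oflags, &flags);       /* entry 2 now holds 3 */
  if (files_extend(&list, 4096) != 0) return -1;        /* fl_files may move */
  flags = 5;
  old = file_with_locked(&list, 2, set_oflags, &flags); /* re-resolved: 3 */
  free(list.fl_files);
  return old;
}
```

A pointer cached from before the second `files_extend()` would be the stale reference the issue warns about; the descriptor-plus-callback form never holds one across the lock release.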
