> On 8 Dec 2025, at 3:51 PM, Srish Srinivasan <[email protected]> wrote: > > Inside grub_util_fd_open, a failure while creating an IO > request or opening a device frees ret (the fd) before its > MsgPort is deleted. This leads to a use-after-free scenario. > > Fix this by freeing ret after its MsgPort has been deleted. > > Signed-off-by: Srish Srinivasan <[email protected]>
Reviewed-by: Sudhakar Kuppusamy <[email protected]> Thanks, Sudhakar > --- > grub-core/osdep/aros/hostdisk.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/grub-core/osdep/aros/hostdisk.c b/grub-core/osdep/aros/hostdisk.c > index 08723bd45..c75474933 100644 > --- a/grub-core/osdep/aros/hostdisk.c > +++ b/grub-core/osdep/aros/hostdisk.c > @@ -207,8 +207,8 @@ grub_util_fd_open (const char *dev, int flg) > sizeof(struct IOExtTD)); > if (!ret->ioreq) > { > - free (ret); > DeleteMsgPort (ret->mp); > + free (ret); > return NULL; > } > > @@ -225,9 +225,9 @@ grub_util_fd_open (const char *dev, int flg) > if (OpenDevice ((unsigned char *) tmp, unit, > (struct IORequest *) ret->ioreq, flags)) > { > - free (tmp); > - free (ret); > DeleteMsgPort (ret->mp); > + free (ret); > + free (tmp); > return NULL; > } > free (tmp); > -- > 2.43.0 _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
