subject:"\[PATCH AUTOSEL for 4.9 246\/293\] jffs2\: Fix use\-after\-free bug in jffs2_iget\(\)'s error handling path"

[PATCH AUTOSEL for 4.9 246/293] jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path

2018-04-08 Thread Sasha Levin

From: Jake Daryll Obina [ Upstream commit 5bdd0c6f89fba430e18d636493398389dadc3b17 ] If jffs2_iget() fails for a newly-allocated inode, jffs2_do_clear_inode() can get called twice in the error handling path, the first call in jffs2_iget() itself and the second through

[PATCH AUTOSEL for 4.9 246/293] jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path

2018-04-08 Thread Sasha Levin

From: Jake Daryll Obina [ Upstream commit 5bdd0c6f89fba430e18d636493398389dadc3b17 ] If jffs2_iget() fails for a newly-allocated inode, jffs2_do_clear_inode() can get called twice in the error handling path, the first call in jffs2_iget() itself and the second through iget_failed(). This can