Re: [PATCH] hfs: do not free node before using

On Fri, Nov 23, 2018 at 04:51:49PM -0800, Viacheslav Dubeyko wrote: > On Fri, 2018-11-23 at 17:04 +0800, Pan Bian wrote: > > The function hfs_bmap_free frees node via hfs_bnode_put(node). > > However, > > it then reads node->this when dumping error message on an error path, > > which may result in

Re: [PATCH] hfs: do not free node before using

On Fri, Nov 23, 2018 at 04:51:49PM -0800, Viacheslav Dubeyko wrote: > On Fri, 2018-11-23 at 17:04 +0800, Pan Bian wrote: > > The function hfs_bmap_free frees node via hfs_bnode_put(node). > > However, > > it then reads node->this when dumping error message on an error path, > > which may result in

Re: [PATCH] hfs: do not free node before using

On Fri, 2018-11-23 at 17:04 +0800, Pan Bian wrote: > The function hfs_bmap_free frees node via hfs_bnode_put(node). > However, > it then reads node->this when dumping error message on an error path, > which may result in a use-after-free bug. This patch frees node only > when it is never used. >

Re: [PATCH] hfs: do not free node before using

On Fri, 2018-11-23 at 17:04 +0800, Pan Bian wrote: > The function hfs_bmap_free frees node via hfs_bnode_put(node). > However, > it then reads node->this when dumping error message on an error path, > which may result in a use-after-free bug. This patch frees node only > when it is never used. >

Re: [PATCH] hfs: do not free node before using

On Fri, 2018-11-23 at 17:04 +0800, Pan Bian wrote: > The function hfs_bmap_free frees node via hfs_bnode_put(node). However, > it then reads node->this when dumping error message on an error path, > which may result in a use-after-free bug. This patch frees node only > when it is never used. > >

Re: [PATCH] hfs: do not free node before using

On Fri, 2018-11-23 at 17:04 +0800, Pan Bian wrote: > The function hfs_bmap_free frees node via hfs_bnode_put(node). However, > it then reads node->this when dumping error message on an error path, > which may result in a use-after-free bug. This patch frees node only > when it is never used. > >

[PATCH] hfs: do not free node before using

The function hfs_bmap_free frees node via hfs_bnode_put(node). However, it then reads node->this when dumping error message on an error path, which may result in a use-after-free bug. This patch frees node only when it is never used. Fixes: d614267329f("hfs/hfsplus: convert printks to pr_")

[PATCH] hfs: do not free node before using

The function hfs_bmap_free frees node via hfs_bnode_put(node). However, it then reads node->this when dumping error message on an error path, which may result in a use-after-free bug. This patch frees node only when it is never used. Fixes: d614267329f("hfs/hfsplus: convert printks to pr_")