git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2928f0d)
UBIFS: fix double free of ubifs_orphan objects
authorAdam Thomas <adamthomas1111@gmail.com>
Sat, 2 Feb 2013 22:35:08 +0000 (22:35 +0000)
committerArtem Bityutskiy <artem.bityutskiy@linux.intel.com>
Mon, 4 Feb 2013 10:31:48 +0000 (12:31 +0200)
The last orphan in the dnext list has its dnext set to NULL. Because
of that, ubifs_delete_orphan assumes that it is not on the dnext list
and frees it immediately instead ignoring it as a second delete. The
orphan is later freed again by erase_deleted.

This change adds an explicit flag to ubifs_orphan indicating whether
it is pending delete.

Signed-off-by: Adam Thomas <adamthomas1111@gmail.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Cc: stable@vger.kernel.org
fs/ubifs/orphan.c patch | blob | history
fs/ubifs/ubifs.h patch | blob | history

diff --cc fs/ubifs/orphan.c
Simple merge
diff --cc fs/ubifs/ubifs.h
Simple merge
Pandora Kernel Repository