jffs2: move jffs2_init_inode_info() just after allocating inode
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I8TC11 CVE: NA --------------------------- After commit 4fdcfab5 ("jffs2: fix use-after-free on symlink traversal"), it expose a freeing uninitialized memory problem due to this commit move the operaion of freeing f->target to jffs2_i_callback(), which may not be initialized in some error path of allocating jffs2 inode (eg: jffs2_iget()->iget_locked()-> destroy_inode()->..->jffs2_i_callback()->kfree(f->target)). Fix this by initialize the jffs2_inode_info just after allocating it. Signed-off-by:zhangyi (F) <yi.zhang@huawei.com> Conflicts: fs/jffs2/super.c Signed-off-by:
Loading
Please sign in to comment