
Commit 820402d2 authored by Russell King, committed by Greg Kroah-Hartman

fs/adfs: super: fix use-after-free bug



[ Upstream commit 5808b14a1f52554de612fee85ef517199855e310 ]

Fix a use-after-free bug during filesystem initialisation, where we
access the disc record (which is stored in a buffer) after we have
released the buffer.

Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
parent 1235f5e0
+4 −1
@@ -368,6 +368,7 @@ static int adfs_fill_super(struct super_block *sb, void *data, int silent)
	struct buffer_head *bh;
	struct object_info root_obj;
	unsigned char *b_data;
	unsigned int blocksize;
	struct adfs_sb_info *asb;
	struct inode *root;
	int ret = -EINVAL;
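Review bot: the new `unsigned int blocksize` local is filled from `1 << dr->log2secsize` in the next hunk, and that shift is evaluated as a signed int before it is stored. Unless the check that ends in `goto error_free_bh` already bounds `log2secsize`, a large on-disk value makes the shift undefined, so it is worth confirming the bound there or writing the shift as `1U << dr->log2secsize`.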
@@ -419,8 +420,10 @@ static int adfs_fill_super(struct super_block *sb, void *data, int silent)
		goto error_free_bh;
	}

	blocksize = 1 << dr->log2secsize;
	brelse(bh);
	if (sb_set_blocksize(sb, 1 << dr->log2secsize)) {

	if (sb_set_blocksize(sb, blocksize)) {
		bh = sb_bread(sb, ADFS_DISCRECORD / sb->s_blocksize);
		if (!bh) {
			adfs_error(sb, "couldn't read superblock on "
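Review bot: after `brelse(bh)` in this hunk, `dr` still points into the released buffer, so any later dereference of `dr` before `bh` is re-read by `sb_bread()` would repeat the use-after-free that the old `sb_set_blocksize(sb, 1 << dr->log2secsize)` call had. A one-line comment at `blocksize = 1 << dr->log2secsize;` saying the value is cached because the disc record lives in `bh`, or clearing `dr` right after `brelse(bh)`, would keep a future cleanup from folding the local back into the call and would make a stale use fault instead of reading freed data.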