projects / qemu-gpiodev / libfuse.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8de32bc)
Use destroy_req instead of free to destroy fuse_req
authorFrank Dinoff <fdinoff@google.com>
Tue, 26 Jul 2022 19:49:01 +0000 (15:49 -0400)
committerNikolaus Rath <Nikolaus@rath.org>
Thu, 8 Sep 2022 09:49:37 +0000 (10:49 +0100)
If we get the interrupt before the fuse op, the fuse_req is deleted without
decrementing the refcount on the cloned file descriptor. This leads to a
leak of the cloned /dev/fuse file descriptor.

lib/fuse_lowlevel.c patch | blob | history

diff --git a/lib/fuse_lowlevel.c b/lib/fuse_lowlevel.c
index e5de2a56d30ee6b374ea5baa77b76fa65a6185c2..e82cd9e9ffb8a8f855ed61ecce95418fdfc40c9f 100644 (file)
--- a/lib/fuse_lowlevel.c
+++ b/lib/fuse_lowlevel.c
@@ -1762,7 +1762,9 @@ static struct fuse_req *check_interrupt(struct fuse_session *se,
                if (curr->u.i.unique == req->unique) {
                        req->interrupted = 1;
                        list_del_req(curr);
-                       free(curr);
+                       fuse_chan_put(curr->ch);
+                       curr->ch = NULL;
+                       destroy_req(curr);
                        return NULL;
                }
        }
Unnamed repository; edit this file 'description' to name the repository.