1From 6e5a79de658cb1c8012c86e0837379aa6eabd024 Mon Sep 17 00:00:00 2001 2From: Paul Emge <paulemge@forallsecure.com> 3Date: Mon, 8 Jul 2019 16:37:04 -0700 4Subject: [PATCH] CVE-2019-13105: ext4: fix double-free in ext4_cache_read 5 6ext_cache_read doesn't null cache->buf, after freeing, which results 7in a later function double-freeing it. This patch fixes 8ext_cache_read to call ext_cache_fini instead of free. 9 10Signed-off-by: Paul Emge <paulemge@forallsecure.com> 11--- 12 fs/ext4/ext4fs.c | 2 +- 13 1 file changed, 1 insertion(+), 1 deletion(-) 14 15diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c 16index 26db677..85dc122 100644 17--- a/fs/ext4/ext4fs.c 18+++ b/fs/ext4/ext4fs.c 19@@ -286,7 +286,7 @@ int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size) 20 if (!cache->buf) 21 return 0; 22 if (!ext4fs_devread(block, 0, size, cache->buf)) { 23- free(cache->buf); 24+ ext_cache_fini(cache); 25 return 0; 26 } 27 cache->block = block; 28-- 291.9.1 30 31