diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2008-04-22 19:51:27 -0400 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2008-06-16 13:19:49 -0700 |
commit | 37067331d5902e42786f8456ca412512b19b8ac3 (patch) | |
tree | 7b97f23a82a2b6f7276ab6d49aeb0f84f55a4423 /fs | |
parent | c2375e697044e4a631e227d563ac210342f17f9c (diff) |
double-free of inode on alloc_file() failure exit in create_write_pipe()
upstream commit: ed1524371716466e9c762808b02601d0d0276a92
Duh... Fortunately, the bug is quite recent (post-2.6.25) and, embarrassingly,
mine ;-/
http://bugzilla.kernel.org/show_bug.cgi?id=10878
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/pipe.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/pipe.c b/fs/pipe.c index 8be381bbcb5..f73492b6817 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -988,7 +988,10 @@ struct file *create_write_pipe(void) return f; err_dentry: + free_pipe_info(inode); dput(dentry); + return ERR_PTR(err); + err_inode: free_pipe_info(inode); iput(inode); |