:: commit 5e29b6574c00240e22475957f4fed784835626ef

mintsuki <mintsuki@protonmail.com> — 2022-10-13 22:59

parents: a016008f16

file: Reimplement a1bcf3c0 without use-after-free bug

diff --git a/common/fs/ext2.s2.c b/common/fs/ext2.s2.c
index 976296d1..9b56d615 100644
--- a/common/fs/ext2.s2.c
+++ b/common/fs/ext2.s2.c
@@ -553,7 +553,6 @@ static void ext2_close(struct file_handle *file) {
         pmm_free(f->alloc_map, f->inode.i_blocks_count * sizeof(uint32_t));
     }
     pmm_free(f, sizeof(struct ext2_file_handle));
-    pmm_free(file, sizeof(struct file_handle));
 }
 
 static void ext2_read(struct file_handle *file, void *buf, uint64_t loc, uint64_t count) {
diff --git a/common/fs/fat32.s2.c b/common/fs/fat32.s2.c
index d1c83a6a..903984b0 100644
--- a/common/fs/fat32.s2.c
+++ b/common/fs/fat32.s2.c
@@ -525,5 +525,4 @@ static void fat32_close(struct file_handle *file) {
     struct fat32_file_handle *f = file->fd;
     pmm_free(f->cluster_chain, f->chain_len * sizeof(uint32_t));
     pmm_free(f, sizeof(struct fat32_file_handle));
-    pmm_free(file, sizeof(struct file_handle));
 }
diff --git a/common/fs/file.s2.c b/common/fs/file.s2.c
index 7d87138e..df413f32 100644
--- a/common/fs/file.s2.c
+++ b/common/fs/file.s2.c
@@ -81,10 +81,10 @@ void fclose(struct file_handle *fd) {
         if (fd->readall == false) {
             pmm_free(fd->fd, fd->size);
         }
-        pmm_free(fd, sizeof(struct file_handle));
     } else {
         fd->close(fd);
     }
+    pmm_free(fd, sizeof(struct file_handle));
 }
 
 void fread(struct file_handle *fd, void *buf, uint64_t loc, uint64_t count) {
@@ -106,6 +106,10 @@ void *freadall(struct file_handle *fd, uint32_t type) {
     } else {
         void *ret = ext_mem_alloc_type(fd->size, type);
         fd->read(fd, ret, 0, fd->size);
+        fd->close(fd);
+        fd->fd = ret;
+        fd->readall = true;
+        fd->is_memfile = true;
         return ret;
     }
 }
diff --git a/common/fs/iso9660.s2.c b/common/fs/iso9660.s2.c
index 670787f9..6acc58a9 100644
--- a/common/fs/iso9660.s2.c
+++ b/common/fs/iso9660.s2.c
@@ -294,5 +294,4 @@ static void iso9660_read(struct file_handle *file, void *buf, uint64_t loc, uint
 
 static void iso9660_close(struct file_handle *file) {
     pmm_free(file->fd, sizeof(struct iso9660_file_handle));
-    pmm_free(file, sizeof(struct file_handle));
 }
tab: 248 wrap: offon
iczelia
https://iczelia.net // (c) 2019 - 2026 iczelia (Kamila Szewczyk) // email: k@iczelia.net