eventpoll: use-after-possible-free in epoll_create1() · 98022748f6 - Gogs

eventpoll: use-after-possible-free in epoll_create1()

As soon as we'd installed the file into descriptor table, it can
get closed by another thread.  Freeing ep in process...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Al Viro 13 years ago

parent

31605debdf

commit

98022748f6

1 changed files with 1 additions and 1 deletions

Split View Show Diff Stats

						
							+ 1
							
							- 1
						
fs/eventpoll.c
							 
								View File
							
				@@ -1654,8 +1654,8 @@ SYSCALL_DEFINE1(epoll_create1, int, flags)
			
				 		error = PTR_ERR(file);
			
				 		goto out_free_fd;
			
				 	}
			
				-	fd_install(fd, file);
			
				 	ep->file = file;
			
				+	fd_install(fd, file);
			
				 	return fd;
			
				 out_free_fd: