ref: 0ab0a036edd97a461b1b0b1ff5c5c8274f2a6f7b
parent: 15341e1116cd0fe31dcf3fb989d2004a8d3a3e8f
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Fri Aug 30 14:54:43 EDT 2024
gefs: fix use after free in putconn()
--- a/sys/src/cmd/gefs/fs.c
+++ b/sys/src/cmd/gefs/fs.c
@@ -2291,7 +2291,7 @@
{Conn **pp;
Amsg *a;
- Fid *f;
+ Fid *f, *nf;
int i;
if(adec(&c->ref) != 0)
@@ -2314,7 +2314,9 @@
for(i = 0; i < Nfidtab; i++){lock(&c->fidtablk[i]);
- for(f = c->fidtab[i]; f != nil; f = f->next){+ for(f = c->fidtab[i]; f != nil; f = nf){+ nf = f->next;
+ ainc(&f->ref);
lock(f);
a = nil;
clunkfid(c, f, &a);
--
⑨