ref: e5e8591ce558bf72929720dd05af82dd57e18a38
parent: 664dd820a26824ee2bda86fa7b0e9baa8cde9316
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Fri Aug 30 14:54:43 EDT 2024
gefs: fix use after free in putconn()
--- a/sys/src/cmd/gefs/fs.c
+++ b/sys/src/cmd/gefs/fs.c
@@ -2291,7 +2291,7 @@
{Conn **pp;
Amsg *a;
- Fid *f;
+ Fid *f, *nf;
int i;
if(adec(&c->ref) != 0)
@@ -2314,7 +2314,9 @@
for(i = 0; i < Nfidtab; i++){lock(&c->fidtablk[i]);
- for(f = c->fidtab[i]; f != nil; f = f->next){+ for(f = c->fidtab[i]; f != nil; f = nf){+ nf = f->next;
+ ainc(&f->ref);
lock(f);
a = nil;
clunkfid(c, f, &a);
--
⑨