From 15a9847ae5d391c7195cbe79cf31e0328bfc7892 Mon Sep 17 00:00:00 2001 From: Maschell Date: Mon, 23 May 2022 22:39:14 +0200 Subject: [PATCH] Fix use after free --- source/iosuhax_devoptab.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/source/iosuhax_devoptab.c b/source/iosuhax_devoptab.c index ca80462..aed1280 100644 --- a/source/iosuhax_devoptab.c +++ b/source/iosuhax_devoptab.c @@ -462,8 +462,9 @@ static int fs_dev_stat_r(struct _reent *r, const char *path, struct stat *st) { FSStat stats; int result = IOSUHAX_FSA_GetStat(dev->fsaFd, real_path, &stats); - free(real_path); + if (result < 0) { + free(real_path); r->_errno = fs_dev_translate_error(result); OSUnlockMutex(dev->pMutex); return -1; @@ -484,6 +485,8 @@ static int fs_dev_stat_r(struct _reent *r, const char *path, struct stat *st) { st->st_ctime = fs_dev_translate_time(stats.created); st->st_mtime = fs_dev_translate_time(stats.modified); + free(real_path); + OSUnlockMutex(dev->pMutex); return 0; } @@ -509,8 +512,8 @@ static int fs_dev_lstat_r(struct _reent *r, const char *path, struct stat *st) { FSStat stats; int result = IOSUHAX_FSA_GetStat(dev->fsaFd, real_path, &stats); - free(real_path); if (result < 0) { + free(real_path); r->_errno = fs_dev_translate_error(result); OSUnlockMutex(dev->pMutex); return -1; @@ -531,6 +534,8 @@ static int fs_dev_lstat_r(struct _reent *r, const char *path, struct stat *st) { st->st_ctime = fs_dev_translate_time(stats.created); st->st_mtime = fs_dev_translate_time(stats.modified); + free(real_path); + OSUnlockMutex(dev->pMutex); return 0; }