fix linked list corruption in flockfile lists

commit 5345c9b8 added a linked list to track the FILE streams currently locked (via flockfile) by a thread. due to a failure to fully link newly added members, removal from the list could leave behind references which could later result in writes to already-freed memory and possibly other memory corruption. implicit stdio locking was unaffected; the list is only used in conjunction with explicit flockfile locking. this bug was not present in any releases; it was introduced and fixed during the same release cycle. patch by Timo Teräs, who discovered and tracked down the bug.

fix linked list corruption in flockfile lists
commit 5345c9b8 added a linked list to track the FILE streams currently locked (via flockfile) by a thread. due to a failure to fully link newly added members, removal from the list could leave behind references which could later result in writes to already-freed memory and possibly other memory corruption. implicit stdio locking was unaffected; the list is only used in conjunction with explicit flockfile locking. this bug was not present in any releases; it was introduced and fixed during the same release cycle. patch by Timo Teräs, who discovered and tracked down the bug.
3e936ce8 · Rich Felker · 18daae31 · 3e936ce8
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

src/stdio/ftrylockfile.c src/stdio/ftrylockfile.c +1 -0

未找到文件。
--- a/src/stdio/ftrylockfile.c
+++ b/src/stdio/ftrylockfile.c
@@ -34,6 +34,7 @@ int ftrylockfile(FILE *f)
 	f->lockcount = 1;
 	f->prev_locked = 0;
 	f->next_locked = self->stdio_locks;
+	if (f->next_locked) f->next_locked->prev_locked = f;
 	self->stdio_locks = f;
 	return 0;
 }