commit | d78092e4937de9ce55edcb4ee4c5e3c707be0190 | [log] [tgz] |
---|---|---|
author | Miklos Szeredi <mszeredi@redhat.com> | Fri Sep 18 10:36:50 2020 +0200 |
committer | Miklos Szeredi <mszeredi@redhat.com> | Fri Sep 18 10:36:50 2020 +0200 |
tree | 6374d3ef13d8ee1b6e442b42447005f4e5d35c36 | |
parent | 9a752d18c85ae5da28e4a07d52adfd95eacb2495 [diff] |
fuse: fix page dereference after free After unlock_request() pages from the ap->pages[] array may be put (e.g. by aborting the connection) and the pages can be freed. Prevent use after free by grabbing a reference to the page before calling unlock_request(). The original patch was created by Pradeep P V K. Reported-by: Pradeep P V K <ppvk@codeaurora.org> Cc: <stable@vger.kernel.org> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>