From e7ef920d7d0dcff8cfe7a0c914f803b8c78900bb Mon Sep 17 00:00:00 2001 From: Takashi Yano Date: Thu, 14 Nov 2024 00:44:41 +0900 Subject: [PATCH] Cygwin: lockf: Fix access violation in lf_clearlock(). The commit ae181b0ff122 has a bug that the pointer is referred bofore NULL check in the function lf_clearlock(). This patch fixes that. Addresses: https://cygwin.com/pipermail/cygwin/2024-November/256750.html Fixes: ae181b0ff122 ("Cygwin: lockf: Make lockf() return ENOLCK when too many locks") Reported-by: Sebastian Feld Reviewed-by: Corinna Vinschen Signed-off-by: Takashi Yano --- winsup/cygwin/flock.cc | 6 ++++-- winsup/cygwin/release/3.5.5 | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/winsup/cygwin/flock.cc b/winsup/cygwin/flock.cc index 3821bddd6..794e66bd7 100644 --- a/winsup/cygwin/flock.cc +++ b/winsup/cygwin/flock.cc @@ -1524,6 +1524,10 @@ lf_clearlock (lockf_t *unlock, lockf_t **clean, HANDLE fhdl) lockf_t *lf = *head; lockf_t *overlap, **prev; int ovcase; + + if (lf == NOLOCKF) + return 0; + inode_t *node = lf->lf_inode; tmp_pathbuf tp; node->i_all_lf = (lockf_t *) tp.w_get (); @@ -1531,8 +1535,6 @@ lf_clearlock (lockf_t *unlock, lockf_t **clean, HANDLE fhdl) uint32_t lock_cnt = node->get_lock_count (); bool first_loop = true; - if (lf == NOLOCKF) - return 0; prev = head; while ((ovcase = lf_findoverlap (lf, unlock, SELF, &prev, &overlap))) { diff --git a/winsup/cygwin/release/3.5.5 b/winsup/cygwin/release/3.5.5 index 3088f8682..13982632b 100644 --- a/winsup/cygwin/release/3.5.5 +++ b/winsup/cygwin/release/3.5.5 @@ -36,3 +36,6 @@ Fixes: - Fix potential stack corruption in rmdir() in a border case. Addresses: https://cygwin.com/pipermail/cygwin/2024-November/256774.html + +- Fix access violation in lf_clearlock() called from flock(). + Addresses: https://cygwin.com/pipermail/cygwin/2024-November/256750.html