Cygwin: lockf: Fix access violation in lf_clearlock().

The commit ae181b0ff1 has a bug that the pointer is referred bofore NULL check in the function lf_clearlock(). This patch fixes that. Addresses: https://cygwin.com/pipermail/cygwin/2024-November/256750.html Fixes: ae181b0ff1 ("Cygwin: lockf: Make lockf() return ENOLCK when too many locks") Reported-by: Sebastian Feld <sebastian.n.feld@gmail.com> Reviewed-by: Corinna Vinschen <corinna@vinschen.de> Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
2024-11-14 00:44:41 +09:00 · 2024-11-14 00:44:41 +09:00 · e7ef920d7d
parent 5daf14f5f5
commit e7ef920d7d
2 changed files with 7 additions and 2 deletions
--- a/winsup/cygwin/flock.cc
+++ b/winsup/cygwin/flock.cc
@ -1524,6 +1524,10 @@ lf_clearlock (lockf_t *unlock, lockf_t **clean, HANDLE fhdl)
  lockf_t *lf = *head;
  lockf_t *overlap, **prev;
  int ovcase;
+
+  if (lf == NOLOCKF)
+    return 0;
+
  inode_t *node = lf->lf_inode;
  tmp_pathbuf tp;
  node->i_all_lf = (lockf_t *) tp.w_get ();
@ -1531,8 +1535,6 @@ lf_clearlock (lockf_t *unlock, lockf_t **clean, HANDLE fhdl)
  uint32_t lock_cnt = node->get_lock_count ();
  bool first_loop = true;

-  if (lf == NOLOCKF)
-    return 0;
  prev = head;
  while ((ovcase = lf_findoverlap (lf, unlock, SELF, &prev, &overlap)))
    {
--- a/winsup/cygwin/release/3.5.5
+++ b/winsup/cygwin/release/3.5.5
@ -36,3 +36,6 @@ Fixes:

 - Fix potential stack corruption in rmdir() in a border case.
  Addresses: https://cygwin.com/pipermail/cygwin/2024-November/256774.html
+
+- Fix access violation in lf_clearlock() called from flock().
+  Addresses: https://cygwin.com/pipermail/cygwin/2024-November/256750.html