mirror of https://github.com/acidanthera/audk.git
27b9cb33e7
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1279 For function ResolveSymlink(), the below codes: if (CompareMem ((VOID *)&PreviousFile, (VOID *)Parent, sizeof (UDF_FILE_INFO)) != 0) { CleanupFileInformation (&PreviousFile); } CopyMem ((VOID *)&PreviousFile, (VOID *)File, sizeof (UDF_FILE_INFO)); If the contents in 'PreviousFile' and 'File' are the same, call to "CleanupFileInformation (&PreviousFile);" will free the buffers in 'File' as well. This will lead to potential memory double free/use after free issues. This commit will add additional check to address the above issue. Cc: Ruiyu Ni <ruiyu.ni@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Paulo Alcantara <palcantara@suse.de> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> |
||
|---|---|---|
| .. | ||
| Application | ||
| Bus | ||
| Core | ||
| Include | ||
| Library | ||
| Logo | ||
| Universal | ||
| MdeModulePkg.dec | ||
| MdeModulePkg.dsc | ||
| MdeModulePkg.uni | ||
| MdeModulePkgExtra.uni | ||