[PATCH] Cygwin: fhandler_base: Fix double free caused when open() fails.

Takashi Yano takashi.yano@nifty.ne.jp
Mon Jan 17 23:05:07 GMT 2022


- When open fails, archetype stored in archetypes[] is not cleared.
  This causes double free when next open fail. This patch fixes the
  issue.

Addresses:
  https://cygwin.com/pipermail/cygwin/2022-January/250518.html
---
 winsup/cygwin/fhandler.cc   | 4 ++--
 winsup/cygwin/release/3.3.4 | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/winsup/cygwin/fhandler.cc b/winsup/cygwin/fhandler.cc
index fc7c0422e..7d427135e 100644
--- a/winsup/cygwin/fhandler.cc
+++ b/winsup/cygwin/fhandler.cc
@@ -440,8 +440,8 @@ fhandler_base::open_with_arch (int flags, mode_t mode)
   if (!(res = (archetype && archetype->io_handle)
 	|| open (flags, mode & 07777)))
     {
-      if (archetype)
-	delete archetype;
+      if (archetype && archetype->usecount == 0)
+	cygheap->fdtab.delete_archetype (archetype);
     }
   else if (archetype)
     {
diff --git a/winsup/cygwin/release/3.3.4 b/winsup/cygwin/release/3.3.4
index 7c37a575c..71f8dc888 100644
--- a/winsup/cygwin/release/3.3.4
+++ b/winsup/cygwin/release/3.3.4
@@ -23,3 +23,6 @@ Bug Fixes
 
 - Fix an "Invalid argument" problem in posix_spawn on i686.
   Addresses: https://cygwin.com/pipermail/cygwin/2022-January/250453.html
+
+- Fix double free for archetype, which is caused when open() fails.
+  Addresses: https://cygwin.com/pipermail/cygwin/2022-January/250518.html
-- 
2.34.1



More information about the Cygwin-patches mailing list