From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tyan0@sourceware.org>
Received: by sourceware.org (Postfix, from userid 7868)
 id 609253858438; Tue, 18 Jan 2022 13:21:30 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 609253858438
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Takashi Yano <tyan0@sourceware.org>
To: cygwin-cvs@sourceware.org
Subject: [newlib-cygwin] Cygwin: fhandler_base: Fix double free caused when
 open() fails.
X-Act-Checkin: newlib-cygwin
X-Git-Author: Takashi Yano <takashi.yano@nifty.ne.jp>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 0cae2b802b2d8e78af45bd32e5feea86d721c5d2
X-Git-Newrev: ff539cc0f9ba4e52682a2647e4347ead4f2f8787
Message-Id: <20220118132130.609253858438@sourceware.org>
Date: Tue, 18 Jan 2022 13:21:30 +0000 (GMT)
X-BeenThere: cygwin-cvs@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Cygwin core component git logs <cygwin-cvs.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin-cvs>,
 <mailto:cygwin-cvs-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin-cvs/>
List-Help: <mailto:cygwin-cvs-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin-cvs>,
 <mailto:cygwin-cvs-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Tue, 18 Jan 2022 13:21:30 -0000

https://sourceware.org/git/gitweb.cgi?p=3Dnewlib-cygwin.git;h=3Dff539cc0f9b=
a4e52682a2647e4347ead4f2f8787

commit ff539cc0f9ba4e52682a2647e4347ead4f2f8787
Author: Takashi Yano <takashi.yano@nifty.ne.jp>
Date:   Tue Jan 18 22:17:37 2022 +0900

    Cygwin: fhandler_base: Fix double free caused when open() fails.
   =20
    - When open fails, archetype stored in archetypes[] is not cleared.
      This causes double free when next open fail. This patch fixes the
      issue.
   =20
    Addresses:
      https://cygwin.com/pipermail/cygwin/2022-January/250518.html

Diff:
---
 winsup/cygwin/fhandler.cc   | 4 ++--
 winsup/cygwin/release/3.3.4 | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/winsup/cygwin/fhandler.cc b/winsup/cygwin/fhandler.cc
index fc7c0422e..7d427135e 100644
--- a/winsup/cygwin/fhandler.cc
+++ b/winsup/cygwin/fhandler.cc
@@ -440,8 +440,8 @@ fhandler_base::open_with_arch (int flags, mode_t mode)
   if (!(res =3D (archetype && archetype->io_handle)
 	|| open (flags, mode & 07777)))
     {
-      if (archetype)
-	delete archetype;
+      if (archetype && archetype->usecount =3D=3D 0)
+	cygheap->fdtab.delete_archetype (archetype);
     }
   else if (archetype)
     {
diff --git a/winsup/cygwin/release/3.3.4 b/winsup/cygwin/release/3.3.4
index e09ffefdf..3fa9b9e9c 100644
--- a/winsup/cygwin/release/3.3.4
+++ b/winsup/cygwin/release/3.3.4
@@ -30,3 +30,6 @@ Bug Fixes
 - Fix a problem creating a dir "foo", if a file (but not a Cygwin symlink)
   "foo.lnk" already exists.
   Addresses: https://github.com/msys2/msys2-runtime/issues/81
+
+- Fix double free for archetype, which is caused when open() fails.
+  Addresses: https://cygwin.com/pipermail/cygwin/2022-January/250518.html