From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tyan0@sourceware.org>
Received: by sourceware.org (Postfix, from userid 7868)
 id ADFD83858438; Tue, 18 Jan 2022 13:22:06 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org ADFD83858438
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Takashi Yano <tyan0@sourceware.org>
To: cygwin-cvs@sourceware.org
Subject: [newlib-cygwin/cygwin-3_3-branch] Cygwin: fhandler_base: Fix double
 free caused when open() fails.
X-Act-Checkin: newlib-cygwin
X-Git-Author: Takashi Yano <takashi.yano@nifty.ne.jp>
X-Git-Refname: refs/heads/cygwin-3_3-branch
X-Git-Oldrev: bb39eeecab78ff05714348e81cc83609c2e06c7b
X-Git-Newrev: f5d654c24e85f984ff34461934395b36fea2be0f
Message-Id: <20220118132206.ADFD83858438@sourceware.org>
Date: Tue, 18 Jan 2022 13:22:06 +0000 (GMT)
X-BeenThere: cygwin-cvs@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Cygwin core component git logs <cygwin-cvs.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin-cvs>,
 <mailto:cygwin-cvs-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin-cvs/>
List-Help: <mailto:cygwin-cvs-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin-cvs>,
 <mailto:cygwin-cvs-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Tue, 18 Jan 2022 13:22:06 -0000

https://sourceware.org/git/gitweb.cgi?p=3Dnewlib-cygwin.git;h=3Df5d654c24e8=
5f984ff34461934395b36fea2be0f

commit f5d654c24e85f984ff34461934395b36fea2be0f
Author: Takashi Yano <takashi.yano@nifty.ne.jp>
Date:   Tue Jan 18 22:17:37 2022 +0900

    Cygwin: fhandler_base: Fix double free caused when open() fails.
   =20
    - When open fails, archetype stored in archetypes[] is not cleared.
      This causes double free when next open fail. This patch fixes the
      issue.
   =20
    Addresses:
      https://cygwin.com/pipermail/cygwin/2022-January/250518.html

Diff:
---
 winsup/cygwin/fhandler.cc   | 4 ++--
 winsup/cygwin/release/3.3.4 | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/winsup/cygwin/fhandler.cc b/winsup/cygwin/fhandler.cc
index fc7c0422e..7d427135e 100644
--- a/winsup/cygwin/fhandler.cc
+++ b/winsup/cygwin/fhandler.cc
@@ -440,8 +440,8 @@ fhandler_base::open_with_arch (int flags, mode_t mode)
   if (!(res =3D (archetype && archetype->io_handle)
 	|| open (flags, mode & 07777)))
     {
-      if (archetype)
-	delete archetype;
+      if (archetype && archetype->usecount =3D=3D 0)
+	cygheap->fdtab.delete_archetype (archetype);
     }
   else if (archetype)
     {
diff --git a/winsup/cygwin/release/3.3.4 b/winsup/cygwin/release/3.3.4
index e09ffefdf..3fa9b9e9c 100644
--- a/winsup/cygwin/release/3.3.4
+++ b/winsup/cygwin/release/3.3.4
@@ -30,3 +30,6 @@ Bug Fixes
 - Fix a problem creating a dir "foo", if a file (but not a Cygwin symlink)
   "foo.lnk" already exists.
   Addresses: https://github.com/msys2/msys2-runtime/issues/81
+
+- Fix double free for archetype, which is caused when open() fails.
+  Addresses: https://cygwin.com/pipermail/cygwin/2022-January/250518.html