From 6c0251d145e44b7cdfeb9767c615646fb8f51320 Mon Sep 17 00:00:00 2001 From: Christophe Fergeau Date: Thu, 22 Nov 2012 13:53:15 +0100 Subject: [PATCH] udf: Don't return freed memory from udf_fopen When trying to open a file located in the root directory of the UDF filesystem, we call udf_ff_open with the dirent corresponding to the root dir and the filename. In this case, udf_ff_open will return the same dirent as the one that was passed as argument, so we must not free it as we'll be returning it. This causes a crash with iso-read when trying to read a file located at the root of the image. --- lib/udf/udf_fs.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/lib/udf/udf_fs.c b/lib/udf/udf_fs.c index 5f5add7..1e0601e 100644 --- a/lib/udf/udf_fs.c +++ b/lib/udf/udf_fs.c @@ -257,7 +257,8 @@ udf_fopen(udf_dirent_t *p_udf_root, const char *psz_name) p_udf_root->psz_name, p_udf_root->b_dir, p_udf_root->b_parent); p_udf_file = udf_ff_traverse(p_udf_dirent, psz_token); - udf_dirent_free(p_udf_dirent); + if (p_udf_file != p_udf_dirent) + udf_dirent_free(p_udf_dirent); } else if ( 0 == strncmp("/", psz_name, sizeof("/")) ) { return udf_new_dirent(&p_udf_root->fe, p_udf_root->p_udf, -- 1.7.2.5