From 6d613223cca0a84c144d10ed09b3a0ce0450d174 Mon Sep 17 00:00:00 2001 From: Sonja Kolen Date: Mon, 9 Jul 2018 12:54:18 +0200 Subject: [PATCH] memory: fix use after free --- lib/memory.c | 4 +++- lib/memory/heap.c | 1 - lib/memory/hugepage.c | 2 -- lib/memory/ib.c | 2 -- lib/memory/managed.c | 2 -- 5 files changed, 3 insertions(+), 8 deletions(-) diff --git a/lib/memory.c b/lib/memory.c index 63092de24..7cc3b63c1 100644 --- a/lib/memory.c +++ b/lib/memory.c @@ -135,10 +135,12 @@ int memory_free(void *ptr) return ret; /* Remove allocation entry */ - ret = hash_table_delete(&allocations, ma->address); + ret = hash_table_delete(&allocations, ptr); if (ret) return ret; + free(ma); + return 0; } diff --git a/lib/memory/heap.c b/lib/memory/heap.c index 95d564bd3..353a6840f 100644 --- a/lib/memory/heap.c +++ b/lib/memory/heap.c @@ -52,7 +52,6 @@ static struct memory_allocation * memory_heap_alloc(struct memory_type *m, size_ static int memory_heap_free(struct memory_type *m, struct memory_allocation *ma) { free(ma->address); - free(ma); return 0; } diff --git a/lib/memory/hugepage.c b/lib/memory/hugepage.c index 28b84f418..73263388b 100644 --- a/lib/memory/hugepage.c +++ b/lib/memory/hugepage.c @@ -87,8 +87,6 @@ static int memory_hugepage_free(struct memory_type *m, struct memory_allocation if (ret) return ret; - free(ma); - return 0; } diff --git a/lib/memory/ib.c b/lib/memory/ib.c index 6cf0dbc66..993b5398d 100644 --- a/lib/memory/ib.c +++ b/lib/memory/ib.c @@ -76,8 +76,6 @@ static int memory_ib_free(struct memory_type *m, struct memory_allocation *ma) if (ret) return ret; - free(ma); - return 0; } diff --git a/lib/memory/managed.c b/lib/memory/managed.c index 3e97b8b39..7429fc843 100644 --- a/lib/memory/managed.c +++ b/lib/memory/managed.c @@ -152,8 +152,6 @@ static int memory_managed_free(struct memory_type *m, struct memory_allocation * block->used = false; } - free(ma); - return 0; }