6934da9238
There is a use-after-free possibility in __ext4_journal_stop() in the case that we free the handle in the first jbd2_journal_stop() because we're referencing handle->h_err afterwards. This was introduced in9705acd63band it is wrong. Fix it by storing the handle->h_err value beforehand and avoid referencing potentially freed handle. Fixes:9705acd63bSigned-off-by: Lukas Czerner <lczerner@redhat.com> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Cc: stable@vger.kernel.org
7.9 KiB
7.9 KiB