Please sign in to comment.
Fix use-after-free in flashcache_destroy
The sb variable points to buf. But buf gets freed and reallocated, so the old pointer points to freed memory. The variable is then reused to invalidate the cache_sb_state, but the change never gets saved because the buf that is written to disk does not point to the same memory.
- Loading branch information...