You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
There is no check, within fs_open, whether the provided zfp already points to used object.
This means that when fs_open is used twice on the same object it will overwrite contents of
zfp before passing execution to file system driver.
This may lead to two possible outcomes, depending on whether zfp is used for opening (1) file with the same path or (2) file with different path.
According to fs_api tests (1) should end with an error, but this is actually left to file system driver and is not certain.
In both cases the file system driver will be called which may result in resource leak; e.g. LittleFS will allocate slab memory overwriting original pointer within provided fs_file_t object before further deciding if open is successful or not; this means that at this point, if there has been already memory allocated by previous fs_open, if such occurred.
Depending on whether error occurred or not, and on stage, the pointers may be pointing to new resources, that might have been already released and is invalid, or NULL
To Reproduce
Using LittleFS mounted partition.
Call fs_open, on different or the same file, twice and observe fs_file_t->filep.
Expected behavior
Not breaking the original structure and returning with error instead.
Impact
Possible data corruption, resource leaks, double assignment of the same file system driver structures to different file streams.
Workaround
Always fs_closefs_file_t before reusing structure. Avoid double-open as even on error the original fs_file_t object will be damaged.
Environment (please complete the following information):
-- zephyrproject-rtos/zephyr: c13603e
The text was updated successfully, but these errors were encountered:
This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time.
Fixes problem when fs_open invoked on fs_file_t object, which is already
holding information on opened file, overwrites references to other
memory objects within the fs_file_t object causing resource leak.
If fs_open is invoked on already used fs_file_t object, it will return
-EBUSY.
Note: The change requires that all fs_file_t objects should be
initialized to 0.
Fixes: zephyrproject-rtos#29478
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Fixes problem when fs_open invoked on fs_file_t object, which is already
holding information on opened file, overwrites references to other
memory objects within the fs_file_t object causing resource leak.
If fs_open is invoked on already used fs_file_t object, it will return
-EBUSY.
Note: The change requires that all fs_file_t objects should be
initialized to 0.
Fixes: #29478
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Describe the bug
There is no check, within
fs_open
, whether the provided zfp already points to used object.This means that when
fs_open
is used twice on the same object it will overwrite contents ofzfp before passing execution to file system driver.
This may lead to two possible outcomes, depending on whether zfp is used for opening (1) file with the same path or (2) file with different path.
According to fs_api tests (1) should end with an error, but this is actually left to file system driver and is not certain.
In both cases the file system driver will be called which may result in resource leak; e.g. LittleFS will allocate slab memory overwriting original pointer within provided
fs_file_t
object before further deciding if open is successful or not; this means that at this point, if there has been already memory allocated by previousfs_open
, if such occurred.Depending on whether error occurred or not, and on stage, the pointers may be pointing to new resources, that might have been already released and is invalid, or NULL
To Reproduce
Using LittleFS mounted partition.
Call fs_open, on different or the same file, twice and observe
fs_file_t->filep
.Expected behavior
Not breaking the original structure and returning with error instead.
Impact
Possible data corruption, resource leaks, double assignment of the same file system driver structures to different file streams.
Workaround
Always
fs_close
fs_file_t
before reusing structure. Avoid double-open as even on error the originalfs_file_t
object will be damaged.Environment (please complete the following information):
-- zephyrproject-rtos/zephyr: c13603e
The text was updated successfully, but these errors were encountered: