* flock.cc (delete_lock_in_parent): Use LIST_FOREACH_SAFE to avoid

	dereferencing freed pointer (CID 60224).

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index e89b60d2119c5c47d75da2fcc8aab51ad376b3ae..d1253916dac98df00acac3a966edb6d746e4fc3d 100644 (file)
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2014-05-20  Corinna Vinschen  <corinna@vinschen.de>
+
+       * flock.cc (delete_lock_in_parent): Use LIST_FOREACH_SAFE to avoid
+       dereferencing freed pointer (CID 60224).
+
 2014-05-20  Corinna Vinschen  <corinna@vinschen.de>
 
        * fhandler_procsysvipc.cc (format_procsysvipc_msg): Rearrange code to

diff --git a/winsup/cygwin/flock.cc b/winsup/cygwin/flock.cc
index 5ea3e067d34b4df2871560ef2b2e60c5fb52878f..4250aba3f2793a1a5aed17caaf16118886d0a79b 100644 (file)
--- a/winsup/cygwin/flock.cc
+++ b/winsup/cygwin/flock.cc
@@ -1,6 +1,6 @@
 /* flock.cc.  NT specific implementation of advisory file locking.
 
-   Copyright 2003, 2008, 2009, 2010, 2011, 2012, 2013 Red Hat, Inc.
+   Copyright 2003, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Red Hat, Inc.
 
    This file is part of Cygwin.
 
@@ -724,13 +724,13 @@ err:
 DWORD WINAPI
 delete_lock_in_parent (PVOID param)
 {
-  inode_t *node;
+  inode_t *node, *next_node;
   lockf_t *lock, **prev;
 
   /* Scan list of all inodes, and reap stale BSD lock if lf_id matches.
      Remove inode if empty. */
   INODE_LIST_LOCK ();
-  LIST_FOREACH (node, &cygheap->inode_list, i_next)
+  LIST_FOREACH_SAFE (node, &cygheap->inode_list, i_next, next_node)
     if (!node->inuse ())
       {
        for (prev = &node->i_lockf, lock = *prev; lock; lock = *prev)