From e7ef920d7d0dcff8cfe7a0c914f803b8c78900bb Mon Sep 17 00:00:00 2001
From: Takashi Yano <takashi.yano@nifty.ne.jp>
Date: Thu, 14 Nov 2024 00:44:41 +0900
Subject: [PATCH] Cygwin: lockf: Fix access violation in lf_clearlock().

The commit ae181b0ff122 has a bug that the pointer is referred bofore
NULL check in the function lf_clearlock(). This patch fixes that.

Addresses: https://cygwin.com/pipermail/cygwin/2024-November/256750.html
Fixes: ae181b0ff122 ("Cygwin: lockf: Make lockf() return ENOLCK when too many locks")
Reported-by: Sebastian Feld <sebastian.n.feld@gmail.com>
Reviewed-by: Corinna Vinschen <corinna@vinschen.de>
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
---
 winsup/cygwin/flock.cc      | 6 ++++--
 winsup/cygwin/release/3.5.5 | 3 +++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/winsup/cygwin/flock.cc b/winsup/cygwin/flock.cc
index 3821bddd6..794e66bd7 100644
--- a/winsup/cygwin/flock.cc
+++ b/winsup/cygwin/flock.cc
@@ -1524,6 +1524,10 @@ lf_clearlock (lockf_t *unlock, lockf_t **clean, HANDLE fhdl)
   lockf_t *lf = *head;
   lockf_t *overlap, **prev;
   int ovcase;
+
+  if (lf == NOLOCKF)
+    return 0;
+
   inode_t *node = lf->lf_inode;
   tmp_pathbuf tp;
   node->i_all_lf = (lockf_t *) tp.w_get ();
@@ -1531,8 +1535,6 @@ lf_clearlock (lockf_t *unlock, lockf_t **clean, HANDLE fhdl)
   uint32_t lock_cnt = node->get_lock_count ();
   bool first_loop = true;
 
-  if (lf == NOLOCKF)
-    return 0;
   prev = head;
   while ((ovcase = lf_findoverlap (lf, unlock, SELF, &prev, &overlap)))
     {
diff --git a/winsup/cygwin/release/3.5.5 b/winsup/cygwin/release/3.5.5
index 3088f8682..13982632b 100644
--- a/winsup/cygwin/release/3.5.5
+++ b/winsup/cygwin/release/3.5.5
@@ -36,3 +36,6 @@ Fixes:
 
 - Fix potential stack corruption in rmdir() in a border case.
   Addresses: https://cygwin.com/pipermail/cygwin/2024-November/256774.html
+
+- Fix access violation in lf_clearlock() called from flock().
+  Addresses: https://cygwin.com/pipermail/cygwin/2024-November/256750.html
-- 
2.43.5