From 8f899881c678bb6b22bf4d1594648da545379755 Mon Sep 17 00:00:00 2001
From: Anton Kling <anton@kling.gg>
Date: Mon, 1 Jul 2024 15:41:59 +0200
Subject: Bug fix: avoid use after free

---
 kernel/fs/tmpfs.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'kernel/fs')

diff --git a/kernel/fs/tmpfs.c b/kernel/fs/tmpfs.c
index 5adf8de..d418e2c 100644
--- a/kernel/fs/tmpfs.c
+++ b/kernel/fs/tmpfs.c
@@ -22,6 +22,9 @@ int tmp_can_write(vfs_inode_t *inode) {
 }
 
 int tmp_write(u8 *buffer, u64 offset, u64 len, vfs_fd_t *fd) {
+  if (!fd->inode->is_open) {
+    return -EPIPE;
+  }
   tmp_inode *calling_file = fd->inode->internal_object;
   tmp_inode *child_file = calling_file->read_inode->internal_object;
   if (child_file->is_closed) {
@@ -32,6 +35,9 @@ int tmp_write(u8 *buffer, u64 offset, u64 len, vfs_fd_t *fd) {
 }
 
 int tmp_read(u8 *buffer, u64 offset, u64 len, vfs_fd_t *fd) {
+  if (!fd->inode->is_open) {
+    return -EPIPE;
+  }
   tmp_inode *calling_file = fd->inode->internal_object;
   if (calling_file->is_closed) {
     return -EPIPE;
-- 
cgit v1.2.3