From 7e7f15d494c6fcdbba8e7ba24ce9ca04181a3f7b Mon Sep 17 00:00:00 2001
From: Anton Kling <anton@kling.gg>
Date: Sat, 6 Jul 2024 18:19:02 +0200
Subject: Bug fix: Fix use after free when closing a pipe

The other inode might already have been freed when close() is called.
---
 kernel/fs/tmpfs.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'kernel')

diff --git a/kernel/fs/tmpfs.c b/kernel/fs/tmpfs.c
index 2ce8ece..f979d92 100644
--- a/kernel/fs/tmpfs.c
+++ b/kernel/fs/tmpfs.c
@@ -7,6 +7,9 @@
 #include <typedefs.h>
 
 void tmp_close(vfs_fd_t *fd) {
+  if (!fd->inode->is_open) {
+    return;
+  }
   fd->inode->is_open = 0;
   ((tmp_inode *)fd->inode->internal_object)->read_inode->is_open = 0;
 }
-- 
cgit v1.2.3