Fix use after free in _stdio_closeall (#364)

While this was probably harmless because we are single-threaded, the allocator could generally store its internal structure in the freed block.
llvm-mos · Aug 26, 2024 · 2e15e78 · 2e15e78
1 parent 4580c22
commit 2e15e78
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/mos-platform/common/c/stdio-full.c b/mos-platform/common/c/stdio-full.c
@@ -81,8 +81,11 @@ asm(".section .fini.100,\"axR\",@progbits\n"
     "  jsr _stdio_closeall\n");
 
 void _stdio_closeall(void) {
-  for (FILE *f = filelist; f; f = f->next)
+  for (FILE *f = filelist; f;) {
+    FILE *next = f->next;
     fclose(f);
+    f = next;
+  }
 }
 
 /* A system call that writes a stream's buffer.