* flock.cc (delete_lock_in_parent): Use LIST_FOREACH_SAFE to avoid

	dereferencing freed pointer (CID 60224).

2 files changed, 8 insertions, 3 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index e89b60d21..d1253916d 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,10 @@
 2014-05-20  Corinna Vinschen  <corinna@vinschen.de>
 
+	* flock.cc (delete_lock_in_parent): Use LIST_FOREACH_SAFE to avoid
+	dereferencing freed pointer (CID 60224).
+
+2014-05-20  Corinna Vinschen  <corinna@vinschen.de>
+
 	* fhandler_procsysvipc.cc (format_procsysvipc_msg): Rearrange code to
 	avoid resource leakage (CID 60002).  Don't use tmp_pathbuf, explain why.
 	Fix indentation.
diff --git a/winsup/cygwin/flock.cc b/winsup/cygwin/flock.cc
index 5ea3e067d..4250aba3f 100644
--- a/winsup/cygwin/flock.cc
+++ b/winsup/cygwin/flock.cc
@@ -1,6 +1,6 @@
 /* flock.cc.  NT specific implementation of advisory file locking.
 
-   Copyright 2003, 2008, 2009, 2010, 2011, 2012, 2013 Red Hat, Inc.
+   Copyright 2003, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Red Hat, Inc.
 
    This file is part of Cygwin.
 
@@ -724,13 +724,13 @@ err:
 DWORD WINAPI
 delete_lock_in_parent (PVOID param)
 {
-  inode_t *node;
+  inode_t *node, *next_node;
   lockf_t *lock, **prev;
 
   /* Scan list of all inodes, and reap stale BSD lock if lf_id matches.
      Remove inode if empty. */
   INODE_LIST_LOCK ();
-  LIST_FOREACH (node, &cygheap->inode_list, i_next)
+  LIST_FOREACH_SAFE (node, &cygheap->inode_list, i_next, next_node)
     if (!node->inuse ())
       {
 	for (prev = &node->i_lockf, lock = *prev; lock; lock = *prev)