From b121d0e88b63f8189e00f8a57a5fc822c64c2a84 Mon Sep 17 00:00:00 2001
From: Tulio A M Mendes
Date: Sat, 18 Apr 2026 21:17:24 -0300
Subject: [PATCH] Fix FAT/ext2 heap corruption: skip kfree on static root nodes

fat_close_impl and ext2_close_impl unconditionally called kfree() on the node passed to vfs_close(). When a directory fd pointed to a filesystem mount root (a static variable like g_fat_root or g_ext2_root), this kfree corrupted the heap (bad magic 0x0). diskfs_close_impl already had the guard pattern (dn == &g_root). Apply the same guard to fat and ext2 close handlers.
---
 src/kernel/ext2.c | 1 +
 src/kernel/fat.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/kernel/ext2.c b/src/kernel/ext2.c
index fd9214ba..4df284c3 100644
--- a/src/kernel/ext2.c
+++ b/src/kernel/ext2.c
@@ -569,6 +569,7 @@ static const struct inode_operations ext2_dir_iops = {
 static void ext2_close_impl(fs_node_t* node) {
 if (!node) return;
 struct ext2_node* en = (struct ext2_node*)node;
+ if (en == &g_ext2_root) return;
 kfree(en);
 }
diff --git a/src/kernel/fat.c b/src/kernel/fat.c
index cab38b81..8c1581ee 100644
--- a/src/kernel/fat.c
+++ b/src/kernel/fat.c
@@ -519,6 +519,7 @@ static const struct inode_operations fat_dir_iops = {
 static void fat_close_impl(fs_node_t* node) {
 if (!node) return;
 struct fat_node* fn = (struct fat_node*)node;
+ if (fn == &g_fat_root) return;
 kfree(fn);
 }
--
2.43.0
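Review bot: The new early return in ext2_close_impl (`if (en == &g_ext2_root) return;`) and the matching one in fat_close_impl (`if (fn == &g_fat_root) return;`) carry no comment saying why the root is exempt from `kfree()`, so the ownership rule is recorded only in the commit message; add something like `/* mount root is a static object, not heap-allocated: never kfree() it */` above each guard. The check also recognises the non-heap node purely by its address, which holds only while each driver has exactly one static root; if a second mount or any other statically allocated node can reach these close handlers (not visible in these hunks), the invalid free and the resulting heap corruption come back. Since the description says the same guard already exists in diskfs_close_impl, a per-node "heap-owned" marker tested in one shared place would be harder to forget in the next filesystem driver than a third copy of the pointer comparison.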