Aaron Nyholm created an issue: https://gitlab.rtems.org/rtems/rtos/rtems/-/issues/5381
## Summary In 7da577f in `jffs2_flashdev.c` when mount fails both `mount_data` and `instance` are freed if the mount fails. This is an unnecessary free which leads to a double free as in `jffs2/src/fs-rtems.c` when the mount fails the destroy handler is called `fs-rtems.c:1493 -> rtems_jffs2_free_fs_info -> rtems_jffs2_flash_control_destroy`. ```<5>JFFS2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found at 0x008e0024: 0x9fa6 instead <5>JFFS2: Further such events for this erase block will not be printed <5>JFFS2: Cowardly refusing to erase blocks on filesystem with no valid JFFS2 nodes <5>JFFS2: empty_blocks 17, bad_blocks 0, c->nr_blocks 159 <5>JFFS2: nr_erasing_blocks 159, used 0x0, dirty 0x8cd520, wasted 0x0, free 0x122ae0, erasing 0x0, bad 0x0, obsolete 0x460, unchecked 0x0 *** FATAL *** fatal source: 12 (RTEMS_FATAL_SOURCE_INVALID_HEAP_FREE) CPU: 0 fatal code: 80382272 (0x04ca8940) RTEMS version: 7.0.0.de8da59ba1d756822acf44d838707e2b368b8b2c RTEMS tools: 15.2.0 20250808 (RTEMS 7, RSB 63785b8c2717fe5f174ed0fa9c2abdde2a0ec2be, Newlib 038afec1) executing thread ID: 0x0a010002 executing thread name: UI1``` ## Steps to reproduce Mount an fully corrupted JFFS2 partition on a flashdev using `jffs2_flashdev_mount` This issue is present in `main` and `6`. /milestone %7.1 -- View it on GitLab: https://gitlab.rtems.org/rtems/rtos/rtems/-/issues/5381 You're receiving this email because of your account on gitlab.rtems.org.
_______________________________________________ bugs mailing list [email protected] http://lists.rtems.org/mailman/listinfo/bugs
