From 9e1601add411511c94527f6f7f6f071729b0c52c Mon Sep 17 00:00:00 2001
From: Frank Dinoff <fdinoff@google.com>
Date: Tue, 26 Jul 2022 15:49:01 -0400
Subject: Use destroy_req instead of free to destroy fuse_req

If we get the interrupt before the fuse op, the fuse_req is deleted without
decrementing the refcount on the cloned file descriptor. This leads to a
leak of the cloned /dev/fuse file descriptor.
---
 lib/fuse_lowlevel.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/fuse_lowlevel.c b/lib/fuse_lowlevel.c
index e5de2a5..e82cd9e 100644
--- a/lib/fuse_lowlevel.c
+++ b/lib/fuse_lowlevel.c
@@ -1762,7 +1762,9 @@ static struct fuse_req *check_interrupt(struct fuse_session *se,
 		if (curr->u.i.unique == req->unique) {
 			req->interrupted = 1;
 			list_del_req(curr);
-			free(curr);
+			fuse_chan_put(curr->ch);
+			curr->ch = NULL;
+			destroy_req(curr);
 			return NULL;
 		}
 	}
-- 
cgit v1.2.1