The FATFS library is downloaded from https://www.freertos.org/FreeRTOS-Labs/RTOS_labs_download.html and https://www.freertos.org/FreeRTOS-Labs/downloads/FreeRTOS-Plus-FAT-160919a-MIT.zip
FATFS is a compatible embedded FAT file system for use with or without RTOS.
The function FF_Close() is defined in ff_file.c. On line 2970, the file handler pxFile is freed by the function ffconfigFREE(), which by default is a macro definition of vPortFree(), but the handler pxFile is reused as part of the arguments to the function FF_FlushCache() on line 2974 to flush modified file content from the cache to disk.
The bug type is use after free. If the freed heap of pxFile is reused before the function FF_FlushCache() is executed, which is possible due to the task scheduler, random content may be written to disk by the cache flush operation.
The CVE ID assigned to this bug is CVE-2019-18178.
To make it clearer, I restate the bug as follows.
There is a use-after-free bug in the FreeRTOS-Plus-FAT library distributed at https://www.freertos.org/FreeRTOS-Labs/downloads/FreeRTOS-Plus-FAT-160919a-MIT.zip.
The FATFS library is a compatible embedded FAT file system for use with or without RTOS. The bug exists in the function FF_Close() in ff_file.c. On line 2970, the file handler pxFile is freed by the function ffconfigFREE(), which by default is a macro of vPortFree(). Later it is reused by the function FF_FlushCache() on line 2974 to flush the modified file content from the cache to the disk. A CVE ID has been assigned to this bug (CVE-2019-18178).
Thanks for taking the time - the bug is clear, and the fix simple, so will make the necessary updates.
CVE-2019-18178 has recently been addressed. The most recent FreeRTOS+FAT lab project could be downloaded here. https://www.freertos.org/FreeRTOS-Labs/RTOS_labs_download.html (zip name string has *191108*.)
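
The free-then-use ordering from the report above, modeled as an added example (not FreeRTOS+FAT source and not part of the thread): a one-slot static pool stands in for the RTOS heap, and all type and function names are hypothetical. It shows the flush acting on another task's data once the freed block is reused, next to an ordering that reads the needed pointer before the free.

```c
/* Simplified model, not FreeRTOS+FAT source: every name here is hypothetical. */
#include <stdio.h>
#include <string.h>

typedef struct { int id; int flushes; } io_manager_t;   /* stands in for the I/O manager */
typedef struct { io_manager_t *io; int in_use; } file_t; /* stands in for the file handle */

static file_t pool[1];   /* one-slot static heap, so reads after free stay defined in C */

static file_t *pool_alloc(io_manager_t *io) {
    if (pool[0].in_use) return NULL;
    pool[0].in_use = 1;
    pool[0].io = io;
    return &pool[0];
}
static void pool_free(file_t *f) { f->in_use = 0; }

/* Models another task being scheduled between the free and the flush
   and reusing the freed block for its own handle. */
static io_manager_t other_io = { 2, 0 };
static void other_task_runs(void) { pool_alloc(&other_io); }

static int flush_cache(io_manager_t *io) { io->flushes++; return io->id; }

/* Ordering described in the report: free first, then dereference the handle. */
static int close_buggy(file_t *f) {
    pool_free(f);
    other_task_runs();           /* preemption window */
    return flush_cache(f->io);   /* reads freed, now reused, memory */
}

/* Hardened ordering: copy what the flush needs before releasing the handle. */
static int close_fixed(file_t *f) {
    io_manager_t *io = f->io;
    pool_free(f);
    other_task_runs();
    return flush_cache(io);
}

/* Returns the id of the I/O manager that actually got flushed (ours is 1). */
int demo(int use_fixed) {
    io_manager_t mine = { 1, 0 };
    memset(pool, 0, sizeof pool);
    file_t *f = pool_alloc(&mine);
    return use_fixed ? close_fixed(f) : close_buggy(f);
}
int main(void) {
    printf("buggy flushed io %d, fixed flushed io %d\n", demo(0), demo(1));
    return 0;
}
```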