[PATCH 3/5] ubifs: fix potential memory leak
Sascha Hauer
s.hauer at pengutronix.de
Thu Jul 7 00:06:27 PDT 2016
On Wed, Jul 06, 2016 at 09:32:50PM +0200, Lucas Stach wrote:
> Need to go through the regular error path in order to free
> "buf" correctly.
>
> Signed-off-by: Lucas Stach <dev at lynxeye.de>
> ---
> fs/ubifs/lprops.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ubifs/lprops.c b/fs/ubifs/lprops.c
> index 28a1d3d..f880a89 100644
> --- a/fs/ubifs/lprops.c
> +++ b/fs/ubifs/lprops.c
> @@ -1095,14 +1095,16 @@ static int scan_check_cb(struct ubifs_info *c,
> lst->empty_lebs += 1;
> lst->total_free += c->leb_size;
> lst->total_dark += ubifs_calc_dark(c, c->leb_size);
> - return LPT_SCAN_CONTINUE;
> + ret = LPT_SCAN_CONTINUE;
> + goto out;
> }
> if (lp->free + lp->dirty == c->leb_size &&
> !(lp->flags & LPROPS_INDEX)) {
> lst->total_free += lp->free;
> lst->total_dirty += lp->dirty;
> lst->total_dark += ubifs_calc_dark(c, c->leb_size);
> - return LPT_SCAN_CONTINUE;
> + ret = LPT_SCAN_CONTINUE;
> + goto out;
> }
>
> sleb = ubifs_scan(c, lnum, 0, buf, 0);
"buf' is only used after these two if() blocks, so it should simply be
allocated afterwards.
The same bug is also present in the kernel, so you might want to send it
there aswell.
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list