[PATCH] fs: Fix memory leak in mount()
Sam Ravnborg
sam at ravnborg.org
Fri Jan 26 13:10:25 PST 2018
Hi Sasha.
On Fri, Jan 26, 2018 at 08:42:27PM +0100, Sascha Hauer wrote:
> "path" is allocated by normalise_path() and thus must be
> freed. This was done in the error path, but not in the success
> path.
>
> Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
> ---
> fs/fs.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/fs/fs.c b/fs/fs.c
> index 6f15e93ba9..7d0d97906d 100644
> --- a/fs/fs.c
> +++ b/fs/fs.c
> @@ -1392,6 +1392,8 @@ int mount(const char *device, const char *fsname, const char *_path,
> fsdev_set_linux_rootarg(fsdev, str);
> }
>
> + free(path);
> +
> return 0;
>
> err_no_driver:
An out: label so we only called free once was also an option.
Both patterns are used in this file - so either should be OK.
While browsing this file I think there is a few similar
cases involving normalise_path():
automount_remove()
path is assigned, but never freed.
automount_add()
am is allocated, but not freed if we return -ENOTDIR. And thus all of path, cmd, and am is leaked
I also noticed:
opendir()
No check for PTR_ERR after calling canonalize_path()
unlink()
No check for PTR_ERR after call to canonalize_dir()
readlink()
No check for PTR_ERR after call to canonalize_dir()
I can create patch for these - but I cannot do any thrustworthy testing.
And for the canonalize() I am uncertain if the check is requied.
Let me know your preference and I will take care.
Sam
More information about the barebox
mailing list