[PATCH 06/17] fs/squashfs: sqfs_read_directory_table: fix memory leak

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Miquel Raynal <miquel.raynal@bootlin.com>
To: u-boot@lists.denx.de
Subject: [PATCH 06/17] fs/squashfs: sqfs_read_directory_table: fix memory leak
Date: Thu, 15 Oct 2020 15:54:12 +0200	[thread overview]
Message-ID: <20201015155412.2830559d@xps13> (raw)
In-Reply-To: <20201014080622.14970-7-richard.genoud@posteo.net>

Hi Richard,

Richard Genoud <richard.genoud@posteo.net> wrote on Wed, 14 Oct 2020
10:06:11 +0200:

> pos_list wasn't freed on every error
> 
> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>

Same comment here (and probably after as well) as in patch 05/17, not
sure this is actually relevant for the community but I prefer this:

	bar = malloc();
	...
	if (ret)
		goto free_bar;

	foo = malloc();
	...
	if (ret)
		goto free foo;

	...

	foo:
		kfree(foo);
	bar:
		kfree(bar);

than:

	foo = NULL;
	bar = NULL;

	...
	if (ret)
		goto out;
	...
	if (ret)
		goto out;
	...
		out:
	if (ret)
		kfree(...)



> ---
>  fs/squashfs/sqfs.c | 31 +++++++++++++++++--------------
>  1 file changed, 17 insertions(+), 14 deletions(-)
> 
> diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
> index 55d183663a8..c4d74fd4d6d 100644
> --- a/fs/squashfs/sqfs.c
> +++ b/fs/squashfs/sqfs.c
> @@ -722,6 +722,8 @@ static int sqfs_read_directory_table(unsigned char **dir_table, u32 **pos_list)
>  	unsigned long dest_len = 0;
>  	bool compressed;
>  
> +	*dir_table = NULL;
> +	*pos_list = NULL;
>  	/* DIRECTORY TABLE */
>  	table_size = get_unaligned_le64(&sblk->fragment_table_start) -
>  		get_unaligned_le64(&sblk->directory_table_start);
> @@ -736,35 +738,31 @@ static int sqfs_read_directory_table(unsigned char **dir_table, u32 **pos_list)
>  		return -ENOMEM;
>  
>  	if (sqfs_disk_read(start, n_blks, dtb) < 0)
> -		goto free_dtb;
> +		goto out;
>  
>  	/* Parse directory table (metadata block) header */
>  	ret = sqfs_read_metablock(dtb, table_offset, &compressed, &src_len);
>  	if (ret)
> -		goto free_dtb;
> +		goto out;
>  
>  	/* Calculate total size to store the whole decompressed table */
>  	metablks_count = sqfs_count_metablks(dtb, table_offset, table_size);
>  	if (metablks_count < 1)
> -		goto free_dtb;
> +		goto out;
>  
>  	*dir_table = malloc(metablks_count * SQFS_METADATA_BLOCK_SIZE);
>  	if (!*dir_table)
> -		goto free_dtb;
> +		goto out;
>  
>  	*pos_list = malloc(metablks_count * sizeof(u32));
> -	if (!*pos_list) {
> -		free(*dir_table);
> -		goto free_dtb;
> -	}
> +	if (!*pos_list)
> +		goto out;
>  
>  	ret = sqfs_get_metablk_pos(*pos_list, dtb, table_offset,
>  				   metablks_count);
>  	if (ret) {
>  		metablks_count = -1;
> -		free(*dir_table);
> -		free(*pos_list);
> -		goto free_dtb;
> +		goto out;
>  	}
>  
>  	src_table = dtb + table_offset + SQFS_HEADER_SIZE;
> @@ -780,8 +778,7 @@ static int sqfs_read_directory_table(unsigned char **dir_table, u32 **pos_list)
>  					      &dest_len, src_table, src_len);
>  			if (ret) {
>  				metablks_count = -1;
> -				free(*dir_table);
> -				goto free_dtb;
> +				goto out;
>  			}
>  
>  			if (dest_len < SQFS_METADATA_BLOCK_SIZE) {
> @@ -803,7 +800,13 @@ static int sqfs_read_directory_table(unsigned char **dir_table, u32 **pos_list)
>  		src_table += src_len + SQFS_HEADER_SIZE;
>  	}
>  
> -free_dtb:
> +out:
> +	if (metablks_count < 1) {
> +		free(*dir_table);
> +		free(*pos_list);
> +		*dir_table = NULL;
> +		*pos_list = NULL;
> +	}
>  	free(dtb);
>  
>  	return metablks_count;

Thanks,
Miqu?l

next prev parent reply	other threads:[~2020-10-15 13:54 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-14  8:06 [PATCH 00/17] fs/squashfs: fix memory leaks and introduce exists() function Richard Genoud
2020-10-14  8:06 ` [PATCH 01/17] fs/squashfs: fix board hang-up when calling .exists() Richard Genoud
2020-10-14  8:06 ` [PATCH 02/17] fs/squashfs: sqfs_opendir: fix some memory leaks and dangling pointers Richard Genoud
2020-10-14  8:06 ` [PATCH 03/17] fs/squashfs: sqfs_opendir: simplify error handling Richard Genoud
2020-10-14  8:06 ` [PATCH 04/17] fs/squashfs: sqfs_closedir: fix memory leak Richard Genoud
2020-10-14  8:06 ` [PATCH 05/17] fs/squashfs: sqfs_split_path: fix memory leak and dangling pointers Richard Genoud
2020-10-15 13:49   ` Miquel Raynal
2020-10-14  8:06 ` [PATCH 06/17] fs/squashfs: sqfs_read_directory_table: fix memory leak Richard Genoud
2020-10-15 13:54   ` Miquel Raynal [this message]
2020-10-15 16:29     ` Richard Genoud
2020-10-15 16:38       ` Miquel Raynal
2020-10-16 12:31         ` Richard Genoud
2020-10-16 12:34           ` Miquel Raynal
2020-10-14  8:06 ` [PATCH 07/17] fs/squashfs: sqfs_search_dir: fix dangling pointer Richard Genoud
2020-10-14  8:06 ` [PATCH 08/17] fs/squashfs: sqfs_search_dir: fix memory leaks Richard Genoud
2020-10-14  8:06 ` [PATCH 09/17] fs/squashfs: sqfs_read_inode_table: fix dangling pointer Richard Genoud
2020-10-14  8:06 ` [PATCH 10/17] fs/squashfs: sqfs_concat_tokens: check if malloc succeeds Richard Genoud
2020-10-14  8:06 ` [PATCH 11/17] fs/squashfs: sqfs_size: fix dangling pointer dirs->entry Richard Genoud
2020-10-14  8:06 ` [PATCH 12/17] fs/squashfs: sqfs_size: remove useless sqfs_closedir() Richard Genoud
2020-10-14  8:06 ` [PATCH 13/17] fs/squashfs: sqfs_read: fix dangling pointer dirs->entry Richard Genoud
2020-10-14  8:06 ` [PATCH 14/17] fs/squashfs: sqfs_read: remove useless sqfs_closedir() Richard Genoud
2020-10-14  8:06 ` [PATCH 15/17] fs/squashfs: sqfs_read: fix memory leak Richard Genoud
2020-10-16 14:49   ` Richard Genoud
2020-10-14  8:06 ` [PATCH 16/17] fs/squashfs: sqfs_read: fix another " Richard Genoud
2020-10-14  8:06 ` [PATCH 17/17] fs/squashfs: implement exists() function Richard Genoud

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201015155412.2830559d@xps13 \
    --to=miquel.raynal@bootlin.com \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.