public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
* [PATCH] Fix memory leaks in binfmt_flat.c
@ 2003-09-22 20:01 "Alexey Dobriyan" 
  2003-09-22 23:53 ` David McCullough
  0 siblings, 1 reply; 2+ messages in thread
From: "Alexey Dobriyan"  @ 2003-09-22 20:01 UTC (permalink / raw)
  To: gerg; +Cc: davidm, linux-kernel

Fix memory leaks in /fs/binfmt_flat.c::decompress_exec()

diff -urN a/fs/binfmt_flat.c b/fs/binfmt_flat.c
--- a/fs/binfmt_flat.c	2003-09-08 23:49:50.000000000 +0400
+++ b/fs/binfmt_flat.c	2003-09-22 22:48:52.000000000 +0400
@@ -179,7 +179,7 @@
 	unsigned char *buf;
 	z_stream strm;
 	loff_t fpos;
-	int ret;
+	int ret, retval;
 
 	DBG_FLT("decompress_exec(offset=%x,buf=%x,len=%x)\n",(int)offset, (int)dst, (int)len);
 
@@ -192,7 +192,8 @@
 	buf = kmalloc(LBUFSIZE, GFP_KERNEL);
 	if (buf == NULL) {
 		DBG_FLT("binfmt_flat: no memory for read buffer\n");
-		return -ENOMEM;
+		retval = -ENOMEM;
+		goto out_free;
 	}
 
 	/* Read in first chunk of data and parse gzip header. */
@@ -203,28 +204,30 @@
 	strm.avail_in = ret;
 	strm.total_in = 0;
 
+	retval = -ENOEXEC;
+
 	/* Check minimum size -- gzip header */
 	if (ret < 10) {
 		DBG_FLT("binfmt_flat: file too small?\n");
-		return -ENOEXEC;
+		goto out_free_buf;
 	}
 
 	/* Check gzip magic number */
 	if ((buf[0] != 037) || ((buf[1] != 0213) && (buf[1] != 0236))) {
 		DBG_FLT("binfmt_flat: unknown compression magic?\n");
-		return -ENOEXEC;
+		goto out_free_buf;
 	}
 
 	/* Check gzip method */
 	if (buf[2] != 8) {
 		DBG_FLT("binfmt_flat: unknown compression method?\n");
-		return -ENOEXEC;
+		goto out_free_buf;
 	}
 	/* Check gzip flags */
 	if ((buf[3] & ENCRYPTED) || (buf[3] & CONTINUATION) ||
 	    (buf[3] & RESERVED)) {
 		DBG_FLT("binfmt_flat: unknown flags?\n");
-		return -ENOEXEC;
+		goto out_free_buf;
 	}
 
 	ret = 10;
@@ -232,7 +235,7 @@
 		ret += 2 + buf[10] + (buf[11] << 8);
 		if (unlikely(LBUFSIZE == ret)) {
 			DBG_FLT("binfmt_flat: buffer overflow (EXTRA)?\n");
-			return -ENOEXEC;
+			goto out_free_buf;
 		}
 	}
 	if (buf[3] & ORIG_NAME) {
@@ -240,7 +243,7 @@
 			;
 		if (unlikely(LBUFSIZE == ret)) {
 			DBG_FLT("binfmt_flat: buffer overflow (ORIG_NAME)?\n");
-			return -ENOEXEC;
+			goto out_free_buf;
 		}
 	}
 	if (buf[3] & COMMENT) {
@@ -248,7 +251,7 @@
 			;
 		if (unlikely(LBUFSIZE == ret)) {
 			DBG_FLT("binfmt_flat: buffer overflow (COMMENT)?\n");
-			return -ENOEXEC;
+			goto out_free_buf;
 		}
 	}
 
@@ -261,7 +264,7 @@
 
 	if (zlib_inflateInit2(&strm, -MAX_WBITS) != Z_OK) {
 		DBG_FLT("binfmt_flat: zlib init failed?\n");
-		return -ENOEXEC;
+		goto out_free_buf;
 	}
 
 	while ((ret = zlib_inflate(&strm, Z_NO_FLUSH)) == Z_OK) {
@@ -280,13 +283,17 @@
 	if (ret < 0) {
 		DBG_FLT("binfmt_flat: decompression failed (%d), %s\n",
 			ret, strm.msg);
-		return -ENOEXEC;
+		goto out_free_buf;
 	}
 
 	zlib_inflateEnd(&strm);
+	retval = 0;
+out_free_buf:
 	kfree(buf);
+out_free:
 	kfree(strm.workspace);
-	return 0;
+out:
+	return retval;
 }
 
 #endif /* CONFIG_BINFMT_ZFLAT */


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2003-09-23  0:23 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-09-22 20:01 [PATCH] Fix memory leaks in binfmt_flat.c "Alexey Dobriyan" 
2003-09-22 23:53 ` David McCullough

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox