From mboxrd@z Thu Jan 1 00:00:00 1970
From: Miquel Raynal
Date: Fri, 18 Dec 2020 19:50:09 +0100
Subject: [PATCH] fs: squasfs: fix a possible NULL pointer dereference in sqfs_opendir()
In-Reply-To: <20201218142440.21783-1-richard.genoud@posteo.net>
References: <20201218142440.21783-1-richard.genoud@posteo.net>
Message-ID: <20201218195009.056da9d8@xps13>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

Hi Richard,

Richard Genoud wrote on Fri, 18 Dec 2020 15:24:40 +0100:

> token_count may be != 0 and token_list not yet allocated when the out
> code is reached

Wouldn't it be better to initialize token_count than adding an (obscure) indentation level?

>
> Reported-by: Coverity CID 313547
> Fixes: ea1b1651c6a8 ("fs/squashfs: sqfs_opendir: simplify error handling")
> Signed-off-by: Richard Genoud
> --- > fs/squashfs/sqfs.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c > index 608a2bb454c..c47046b76e5 100644 > --- a/fs/squashfs/sqfs.c > +++ b/fs/squashfs/sqfs.c > @@ -949,8 +949,9 @@ int sqfs_opendir(const char *filename, struct fs_dir_stream **dirsp) > *dirsp = (struct fs_dir_stream *)dirs; > > out: > - for (j = 0; j < token_count; j++) > - free(token_list[j]); > + if (token_list) > + for (j = 0; j < token_count; j++) > + free(token_list[j]); > free(token_list); > free(pos_list); > free(path);

Thanks,
Miquèl
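
Review bot: the new `if (token_list)` guard at the `out:` label makes the cleanup loop tolerate an inconsistent state instead of preventing it. Per the commit message, `token_count` can be non-zero while `token_list` is still unallocated. Keeping the pair consistent (leaving `token_count` at 0 until `token_list` has been allocated, as the reply suggests) would let the original two-line loop stay unchanged and would also cover any other code that walks the list by count. If the guard is kept, put braces around the nested `for`: an unbraced `if` over a two-line body is easy to misread next to the unconditional `free(token_list);` that follows it. The guard is also only sound if `token_list` is NULL on every path that reaches `out:` before allocation, and if every slot below `token_count` holds either a valid pointer or NULL. Neither is visible in this hunk, so confirm that the declaration initializes the pointer and that the array is zero-allocated.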