* [U-Boot] ubifs: memory possibly not freed
@ 2011-09-30 16:42 Renaud Barbier
From: Renaud Barbier @ 2011-09-30 16:42 UTC (permalink / raw)
  To: u-boot

Looking at the function ubifs_finddir in the file fs/ubifs/ubifs.c,
I was wondering if some memory had not been freed before
the function returns.


287 static int ubifs_finddir(struct super_block *sb, char *dirname,
288                          unsigned long root_inum, unsigned long *inum)
289 {
...

299         file = kzalloc(sizeof(struct file), 0);
300         dentry = kzalloc(sizeof(struct dentry), 0);
301         dir = kzalloc(sizeof(struct inode), 0);

....
336                 if ((strncmp(dirname, (char *)dent->name, nm.len) == 0) &&
337                     (strlen(dirname) == nm.len)) {
338                         *inum = le64_to_cpu(dent->inum);
339                         return 1;
340                 }

Line 339 returns without freeing file, dentry and dir.

Maybe wrong but could somebody check that.


* [U-Boot] ubifs: memory possibly not freed
From: Stefan Roese @ 2011-10-05 10:40 UTC (permalink / raw)
  To: u-boot

Hi Renaud,

On Friday 30 September 2011 18:42:52 Renaud Barbier wrote:
> Looking at the function ubifs_finddir in the file fs/ubifs/ubifs.c,
> I was wondering if some memory had not been freed before
> the function returns.
> 
> 
> 287 static int ubifs_finddir(struct super_block *sb, char *dirname,
> 288                          unsigned long root_inum, unsigned long *inum)
> 289 {
> ...
> 
> 299         file = kzalloc(sizeof(struct file), 0);
> 300         dentry = kzalloc(sizeof(struct dentry), 0);
> 301         dir = kzalloc(sizeof(struct inode), 0);
> 
> ....
> 336                 if ((strncmp(dirname, (char *)dent->name, nm.len) == 0) &&
> 337                     (strlen(dirname) == nm.len)) {
> 338                         *inum = le64_to_cpu(dent->inum);
> 339                         return 1;
> 340                 }
> 
> Line 339 returns without freeing file, dentry and dir.
> 
> Maybe wrong but could somebody check that.

Yes, you definitely seem to be correct here. Thanks for catching this.

Do you want to send a patch fixing this? That would be great. Otherwise I'll
try to come up with a patch soon...

Thanks,
Stefan

--
DENX Software Engineering GmbH,      MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich,  Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-0 Fax: (+49)-8142-66989-80 Email: office at denx.de
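
The early-return leak discussed in this thread, as an added example that is not part of either message and is not the U-Boot code or its eventual patch. It models the shape of the excerpt with a tracked allocator and compares it with a single-exit variant; xzalloc, xfree, the finddir_* functions, leaked_by, the entries table and the inode numbers are all constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static void *live[8];  /* constructed tracker: blocks allocated and not yet freed */
static const char *entries[] = { "boot", "etc", "lib" };  /* constructed directory */
static void *xzalloc(size_t n) {            /* stand-in for kzalloc, not U-Boot's */
    void *p = calloc(1, n);
    for (int i = 0; p && i < 8; i++)
        if (!live[i]) { live[i] = p; break; }
    return p;
}
static void xfree(void *p) {                /* stand-in for kfree */
    for (int i = 0; p && i < 8; i++)
        if (live[i] == p) live[i] = NULL;
    free(p);
}
int finddir_leaky(const char *dirname, unsigned long *inum) {  /* shape of the excerpt */
    void *file = xzalloc(32), *dentry = xzalloc(32), *dir = xzalloc(32);
    for (unsigned long i = 0; i < 3; i++)
        if (strcmp(dirname, entries[i]) == 0) {  /* stands in for lines 336-337 */
            *inum = 100 + i;                 /* constructed inode number */
            return 1;                        /* file, dentry, dir still allocated */
        }
    xfree(file); xfree(dentry); xfree(dir);
    return 0;
}
/* Single exit: the found and not-found paths share one cleanup. */
int finddir_single_exit(const char *dirname, unsigned long *inum) {
    int ret = 0;
    void *file = xzalloc(32), *dentry = xzalloc(32), *dir = xzalloc(32);
    for (unsigned long i = 0; i < 3 && !ret; i++)
        if (strcmp(dirname, entries[i]) == 0) {
            *inum = 100 + i;
            ret = 1;
        }
    xfree(file); xfree(dentry); xfree(dir);
    return ret;
}
int leaked_by(int (*fn)(const char *, unsigned long *), const char *name) {
    unsigned long inum = 0;
    int n = 0;
    fn(name, &inum);           /* run it, then count and release what it left behind */
    for (int i = 0; i < 8; i++)
        if (live[i]) { n++; xfree(live[i]); }
    return n;
}
int main(void) {
    printf("%d %d\n", leaked_by(finddir_leaky, "etc"), leaked_by(finddir_single_exit, "etc"));
    return 0;
}
```

The leak only appears on the match path, which is why a lookup that never finds its directory would not expose it.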
