From mboxrd@z Thu Jan  1 00:00:00 1970
From: =?UTF-8?Q?Jo=C3=A3o_Marcos_Costa?= <jmcosta944@gmail.com>
Date: Tue, 3 Nov 2020 09:37:54 -0300
Subject: [PATCH v2 05/28] fs/squashfs: sqfs_split_path: fix memory leak
 and dangling pointers
In-Reply-To: <20201103111126.23600-6-richard.genoud@posteo.net>
References: <20201103111126.23600-1-richard.genoud@posteo.net>
 <20201103111126.23600-6-richard.genoud@posteo.net>
Message-ID: <CABfBAmC66vr3YRpojGH5haS6Pmtx-kKLS6yyOOD+OZktVhmScw@mail.gmail.com>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

Same comment about the error path simplification.
Reviewed-by Joao Marcos Costa <jmcosta944@gmail.com>

Em ter., 3 de nov. de 2020 ?s 08:12, Richard Genoud <
richard.genoud@posteo.net> escreveu:

> *file and *dir were not freed on error
>
> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
> ---
>  fs/squashfs/sqfs.c | 40 ++++++++++++++++++++++++++++------------
>  1 file changed, 28 insertions(+), 12 deletions(-)
>
> diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
> index 0ac922af9e7..58b8bfc66dc 100644
> --- a/fs/squashfs/sqfs.c
> +++ b/fs/squashfs/sqfs.c
> @@ -1089,15 +1089,27 @@ static int sqfs_split_path(char **file, char
> **dir, const char *path)
>         char *dirc, *basec, *bname, *dname, *tmp_path;
>         int ret = 0;
>
> +       *file = NULL;
> +       *dir = NULL;
> +       dirc = NULL;
> +       basec = NULL;
> +       bname = NULL;
> +       dname = NULL;
> +       tmp_path = NULL;
> +
>         /* check for first slash in path*/
>         if (path[0] == '/') {
>                 tmp_path = strdup(path);
> -               if (!tmp_path)
> -                       return -ENOMEM;
> +               if (!tmp_path) {
> +                       ret = -ENOMEM;
> +                       goto out;
> +               }
>         } else {
>                 tmp_path = malloc(strlen(path) + 2);
> -               if (!tmp_path)
> -                       return -ENOMEM;
> +               if (!tmp_path) {
> +                       ret = -ENOMEM;
> +                       goto out;
> +               }
>                 tmp_path[0] = '/';
>                 strcpy(tmp_path + 1, path);
>         }
> @@ -1106,13 +1118,13 @@ static int sqfs_split_path(char **file, char
> **dir, const char *path)
>         dirc = strdup(tmp_path);
>         if (!dirc) {
>                 ret = -ENOMEM;
> -               goto free_tmp;
> +               goto out;
>         }
>
>         basec = strdup(tmp_path);
>         if (!basec) {
>                 ret = -ENOMEM;
> -               goto free_dirc;
> +               goto out;
>         }
>
>         dname = sqfs_dirname(dirc);
> @@ -1122,14 +1134,14 @@ static int sqfs_split_path(char **file, char
> **dir, const char *path)
>
>         if (!*file) {
>                 ret = -ENOMEM;
> -               goto free_basec;
> +               goto out;
>         }
>
>         if (*dname == '\0') {
>                 *dir = malloc(2);
>                 if (!*dir) {
>                         ret = -ENOMEM;
> -                       goto free_basec;
> +                       goto out;
>                 }
>
>                 (*dir)[0] = '/';
> @@ -1138,15 +1150,19 @@ static int sqfs_split_path(char **file, char
> **dir, const char *path)
>                 *dir = strdup(dname);
>                 if (!*dir) {
>                         ret = -ENOMEM;
> -                       goto free_basec;
> +                       goto out;
>                 }
>         }
>
> -free_basec:
> +out:
> +       if (ret) {
> +               free(*file);
> +               free(*dir);
> +               *dir = NULL;
> +               *file = NULL;
> +       }
>         free(basec);
> -free_dirc:
>         free(dirc);
> -free_tmp:
>         free(tmp_path);
>
>         return ret;
>


-- 
Atenciosamente,
Jo?o Marcos Costa

www.linkedin.com/in/jmarcoscosta/
https://github.com/jmarcoscosta