unlzo: Fix input buffer free
diff mbox series

Message ID 1321565360-28111-1-git-send-email-s.hauer@pengutronix.de
State New, archived
Headers show
Series
  • unlzo: Fix input buffer free
Related show

Commit Message

Sascha Hauer Nov. 17, 2011, 9:29 p.m. UTC
unlzo modifies the pointer to in_buf, so we have to free the
original buffer, not the modified pointer. This only happens
when a fill function is passed, a case which is currently unused
in the kernel.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 lib/decompress_unlzo.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Comments

Lasse Collin Nov. 18, 2011, 5:10 p.m. UTC | #1
On 2011-11-17 Sascha Hauer wrote:
> unlzo modifies the pointer to in_buf, so we have to free the
> original buffer, not the modified pointer.

The fix looks good.

> This only happens when a fill function is passed, a case which is
> currently unused in the kernel.

It is used for initrd decompression (not initramfs) in
init/do_mounts_rd.c in crd_load(). The problematic code can only get
run when the initrd is corrupt and thus the system will panic anyway.

Patch
diff mbox series

diff --git a/lib/decompress_unlzo.c b/lib/decompress_unlzo.c
index 5a7a2ad..4531294 100644
--- a/lib/decompress_unlzo.c
+++ b/lib/decompress_unlzo.c
@@ -279,7 +279,7 @@  STATIC inline int INIT unlzo(u8 *input, int in_len,
 	ret = 0;
 exit_2:
 	if (!input)
-		free(in_buf);
+		free(in_buf_save);
 exit_1:
 	if (!output)
 		free(out_buf);