Patchwork [14/25] subst: Fix free of uninit pointers

login
register
mail settings
Submitter Eric Sandeen
Date Sept. 16, 2011, 8:49 p.m.
Message ID <1316206180-6375-15-git-send-email-sandeen@redhat.com>
Download mbox | patch
Permalink /patch/115048/
State Accepted
Headers show

Comments

Eric Sandeen - Sept. 16, 2011, 8:49 p.m.
in add_subst(), if the malloc of ent->name fails, we goto fail;
which will free ent->name (which is null, so OK) but also free
ent->value (which is uninitialized).  There is no case where
we must free ent->value on an error (it is allocated last, and
if it fails it of course doesn't need to be freed) so just
remove it.

Also "retval" is only assigned once to the constant ENOMEM,
so we can just return that explicitly in the failure case.

Signed-off-by: Eric Saneeen <sandeen@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
---
 util/subst.c |    5 +----
 1 files changed, 1 insertions(+), 4 deletions(-)
Theodore Ts'o - Sept. 16, 2011, 10:56 p.m.
On Fri, Sep 16, 2011 at 03:49:29PM -0500, Eric Sandeen wrote:
> in add_subst(), if the malloc of ent->name fails, we goto fail;
> which will free ent->name (which is null, so OK) but also free
> ent->value (which is uninitialized).  There is no case where
> we must free ent->value on an error (it is allocated last, and
> if it fails it of course doesn't need to be freed) so just
> remove it.
> 
> Also "retval" is only assigned once to the constant ENOMEM,
> so we can just return that explicitly in the failure case.
> 
> Signed-off-by: Eric Saneeen <sandeen@redhat.com>
> Signed-off-by: Eric Sandeen <sandeen@redhat.com>

Applied, although I removed the double sign off.  :-)

	 	    	    	- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/util/subst.c b/util/subst.c
index b55f54b..8544b6d 100644
--- a/util/subst.c
+++ b/util/subst.c
@@ -35,9 +35,7 @@  struct subst_entry *subst_table = 0;
 static int add_subst(char *name, char *value)
 {
 	struct subst_entry	*ent = 0;
-	int	retval;
 
-	retval = ENOMEM;
 	ent = (struct subst_entry *) malloc(sizeof(struct subst_entry));
 	if (!ent)
 		goto fail;
@@ -55,10 +53,9 @@  static int add_subst(char *name, char *value)
 fail:
 	if (ent) {
 		free(ent->name);
-		free(ent->value);
 		free(ent);
 	}
-	return retval;
+	return ENOMEM;
 }
 
 static struct subst_entry *fetch_subst_entry(char *name)