diff mbox series

[v2,08/12] misc: fix potential segmentation fault problem in scandir()

Message ID 20210630082724.50838-9-wuguanghao3@huawei.com
State Accepted
Headers show
Series [v2,01/12] profile_create_node: set magic before strdup(name) to avoid memory leak | expand

Commit Message

wuguanghao June 30, 2021, 8:27 a.m. UTC 
From: Zhiqiang Liu <liuzhiqiang26@huawei.com>

In scandir(), temp_list[num_dent] is allocated by calling
malloc(), we should check whether malloc() returns NULL before
accessing temp_list[num_dent].

Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
---
 misc/create_inode.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Theodore Ts'o July 16, 2021, 3:44 a.m. UTC | #1 
On Wed, Jun 30, 2021 at 04:27:20PM +0800, wuguanghao wrote:
> From: Zhiqiang Liu <liuzhiqiang26@huawei.com>
> 
> In scandir(), temp_list[num_dent] is allocated by calling
> malloc(), we should check whether malloc() returns NULL before
> accessing temp_list[num_dent].
> 
> Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
> Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>

Thanks, applied.

					- Ted
diff mbox series

Patch

diff --git a/misc/create_inode.c b/misc/create_inode.c
index d62e1cb4..869b0614 100644
--- a/misc/create_inode.c
+++ b/misc/create_inode.c
@@ -771,6 +771,9 @@  static int scandir(const char *dir_name, struct dirent ***name_list,
 		}
 		// add the copy of dirent to the list
 		temp_list[num_dent] = (struct dirent*)malloc((dent->d_reclen + 3) & ~3);
+		if (!temp_list[num_dent]) {
+			goto out;
+		}
 		memcpy(temp_list[num_dent], dent, dent->d_reclen);
 		num_dent++;
 	}