diff mbox series

[02/17] fs/squashfs: sqfs_opendir: fix some memory leaks and dangling pointers

Message ID 20201014080622.14970-3-richard.genoud@posteo.net
State Superseded
Delegated to: Tom Rini
Headers show
Series fs/squashfs: fix memory leaks and introduce exists() function | expand

Commit Message

Richard Genoud Oct. 14, 2020, 8:06 a.m. UTC 
When trying to load an non-existing file, the cpu hangs!

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
---
 fs/squashfs/sqfs.c | 37 +++++++++++++++++++++++++++++--------
 1 file changed, 29 insertions(+), 8 deletions(-)
diff mbox series

Patch

diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
index 15208b4dab0..1fdb9ac534b 100644
--- a/fs/squashfs/sqfs.c
+++ b/fs/squashfs/sqfs.c
@@ -821,22 +821,37 @@  int sqfs_opendir(const char *filename, struct fs_dir_stream **dirsp)
 	if (!dirs)
 		return -EINVAL;
 
+	/* these should be set to NULL to prevent dangling pointers */
+	dirs->dir_header = NULL;
+	dirs->entry = NULL;
+	dirs->table = NULL;
+	dirs->inode_table = NULL;
+	dirs->dir_table = NULL;
+
 	ret = sqfs_read_inode_table(&inode_table);
-	if (ret)
-		return -EINVAL;
+	if (ret) {
+		ret = -EINVAL;
+		goto free_dirs;
+	}
 
 	metablks_count = sqfs_read_directory_table(&dir_table, &pos_list);
-	if (metablks_count < 1)
-		return -EINVAL;
+	if (metablks_count < 1) {
+		ret = -EINVAL;
+		goto free_inode_table;
+	}
 
 	/* Tokenize filename */
 	token_count = sqfs_count_tokens(filename);
-	if (token_count < 0)
-		return -EINVAL;
+	if (token_count < 0) {
+		ret = -EINVAL;
+		goto free_inode_table;
+	}
 
 	path = strdup(filename);
-	if (!path)
-		return -ENOMEM;
+	if (!path) {
+		ret = -EINVAL;
+		goto free_inode_table;
+	}
 
 	token_list = malloc(token_count * sizeof(char *));
 	if (!token_list) {
@@ -882,6 +897,12 @@  free_tokens:
 	free(pos_list);
 free_path:
 	free(path);
+free_inode_table:
+	if (ret)
+		free(inode_table);
+free_dirs:
+	if (ret)
+		free(dirs);
 
 	return ret;
 }