projects / platform / kernel / u-boot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8aec614)
fs/squashfs: sqfs_search_dir: fix dangling pointer
authorRichard Genoud <richard.genoud@posteo.net>
Tue, 3 Nov 2020 11:11:05 +0000 (12:11 +0100)
committerMarek Szyprowski <m.szyprowski@samsung.com>
Mon, 15 Nov 2021 10:37:12 +0000 (11:37 +0100)
dirs->entry shouldn't be left dangling as it could be freed twice.

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
[jh80.chung: cherry picked from mainline commit 01e71ec61ab84bcdd4df708f8930d5acf1c2674d]
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Change-Id: I51db60ce9c428536c10a72a9ff4a6466629b6a4a

fs/squashfs/sqfs.c patch | blob | history

diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
index b1e9f16..4410fa6 100644 (file)
--- a/fs/squashfs/sqfs.c
+++ b/fs/squashfs/sqfs.c
@@ -485,6 +485,7 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list,
                        if (!ret)
                                break;
                        free(dirs->entry);
+                       dirs->entry = NULL;
                }
 
                if (ret) {
@@ -530,6 +531,7 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list,
                        if (ret)
                                return -EINVAL;
                        free(dirs->entry);
+                       dirs->entry = NULL;
 
                        ret = sqfs_search_dir(dirs, sym_tokens, token_count,
                                              m_list, m_count);
@@ -537,6 +539,7 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list,
                } else if (!sqfs_is_dir(get_unaligned_le16(&dir->inode_type))) {
                        printf("** Cannot find directory. **\n");
                        free(dirs->entry);
+                       dirs->entry = NULL;
                        return -EINVAL;
                }
 
@@ -556,6 +559,7 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list,
                if (sqfs_is_empty_dir(table)) {
                        printf("Empty directory.\n");
                        free(dirs->entry);
+                       dirs->entry = NULL;
                        return SQFS_EMPTY_DIR;
                }
 
@@ -564,6 +568,7 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list,
                dirs->entry_count = dirs->dir_header->count + 1;
                dirs->size -= SQFS_DIR_HEADER_SIZE;
                free(dirs->entry);
+               dirs->entry = NULL;
        }
 
        offset = sqfs_dir_offset(table, m_list, m_count);
Domain: System / Kernel;