fs/squashfs: sqfs_size: fix dangling pointer dirs->entry

dirs->entry shouldn't be left dangling as it could be freed twice.

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>

diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
index 7da2e09..3b008b5 100644 (file)
--- a/fs/squashfs/sqfs.c
+++ b/fs/squashfs/sqfs.c
@@ -1569,6 +1569,7 @@ int sqfs_size(const char *filename, loff_t *size)
                if (!ret)
                        break;
                free(dirs->entry);
+               dirs->entry = NULL;
        }
 
        if (ret) {
@@ -1582,6 +1583,7 @@ int sqfs_size(const char *filename, loff_t *size)
        ipos = sqfs_find_inode(dirs->inode_table, i_number, sblk->inodes,
                               sblk->block_size);
        free(dirs->entry);
+       dirs->entry = NULL;
 
        base = (struct squashfs_base_inode *)ipos;
        switch (get_unaligned_le16(&base->inode_type)) {