btrfs-progs: fix memory leaks in error path

This patch includes below fixes in error path:
1. fix memory leaks if realloc() fails
2. add missing call free_history() before return error in scrub_read_file()

Signed-off-by: Byongho Lee <bhlee.kernel@gmail.com>
Reviewed-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Signed-off-by: David Sterba <dsterba@suse.com>

diff --git a/btrfs-list.c b/btrfs-list.c
index 875a89d..d54de61 100644 (file)
--- a/btrfs-list.c
+++ b/btrfs-list.c
@@ -254,11 +254,15 @@ static int btrfs_list_setup_comparer(struct btrfs_list_comparer_set **comp_set,
        BUG_ON(set->ncomps > set->total);
 
        if (set->ncomps == set->total) {
+               void *tmp;
+
                size = set->total + BTRFS_LIST_NCOMPS_INCREASE;
                size = sizeof(*set) + size * sizeof(struct btrfs_list_comparer);
+               tmp = set;
                set = realloc(set, size);
                if (!set) {
                        fprintf(stderr, "memory allocation failed\n");
+                       free(tmp);
                        exit(1);
                }
 
@@ -1232,11 +1236,15 @@ int btrfs_list_setup_filter(struct btrfs_list_filter_set **filter_set,
        BUG_ON(set->nfilters > set->total);
 
        if (set->nfilters == set->total) {
+               void *tmp;
+
                size = set->total + BTRFS_LIST_NFILTERS_INCREASE;
                size = sizeof(*set) + size * sizeof(struct btrfs_list_filter);
+               tmp = set;
                set = realloc(set, size);
                if (!set) {
                        fprintf(stderr, "memory allocation failed\n");
+                       free(tmp);
                        exit(1);
                }
 

diff --git a/cmds-scrub.c b/cmds-scrub.c
index 5a85dc4..91cf678 100644 (file)
--- a/cmds-scrub.c
+++ b/cmds-scrub.c
@@ -502,12 +502,16 @@ again:
                }
                return p;
        }
-       if (avail == -1)
+       if (avail == -1) {
+               free_history(p);
                return ERR_PTR(-errno);
+       }
        avail += old_avail;
 
        i = 0;
        while (i < avail) {
+               void *tmp;
+
                switch (state) {
                case 0: /* start of file */
                        ret = scrub_kvread(&i,
@@ -534,11 +538,17 @@ again:
                                continue;
                        }
                        ++curr;
+                       tmp = p;
                        p = realloc(p, (curr + 2) * sizeof(*p));
-                       if (p)
-                               p[curr] = malloc(sizeof(**p));
-                       if (!p || !p[curr])
+                       if (!p) {
+                               free_history(tmp);
                                return ERR_PTR(-errno);
+                       }
+                       p[curr] = malloc(sizeof(**p));
+                       if (!p[curr]) {
+                               free_history(p);
+                               return ERR_PTR(-errno);
+                       }
                        memset(p[curr], 0, sizeof(**p));
                        p[curr + 1] = NULL;
                        ++state;

diff --git a/cmds-send.c b/cmds-send.c
index a0b7f95..95fd4aa 100644 (file)
--- a/cmds-send.c
+++ b/cmds-send.c
@@ -174,11 +174,16 @@ out:
 
 static int add_clone_source(struct btrfs_send *s, u64 root_id)
 {
+       void *tmp;
+
+       tmp = s->clone_sources;
        s->clone_sources = realloc(s->clone_sources,
                sizeof(*s->clone_sources) * (s->clone_sources_count + 1));
 
-       if (!s->clone_sources)
+       if (!s->clone_sources) {
+               free(tmp);
                return -ENOMEM;
+       }
        s->clone_sources[s->clone_sources_count++] = root_id;
 
        return 0;

diff --git a/qgroup.c b/qgroup.c
index dc04b03..327abd6 100644 (file)
--- a/qgroup.c
+++ b/qgroup.c
@@ -465,12 +465,16 @@ int btrfs_qgroup_setup_comparer(struct btrfs_qgroup_comparer_set  **comp_set,
        BUG_ON(set->ncomps > set->total);
 
        if (set->ncomps == set->total) {
+               void *tmp;
+
                size = set->total + BTRFS_QGROUP_NCOMPS_INCREASE;
                size = sizeof(*set) +
                       size * sizeof(struct btrfs_qgroup_comparer);
+               tmp = set;
                set = realloc(set, size);
                if (!set) {
                        fprintf(stderr, "memory allocation failed\n");
+                       free(tmp);
                        exit(1);
                }
 
@@ -836,12 +840,16 @@ int btrfs_qgroup_setup_filter(struct btrfs_qgroup_filter_set **filter_set,
        BUG_ON(set->nfilters > set->total);
 
        if (set->nfilters == set->total) {
+               void *tmp;
+
                size = set->total + BTRFS_QGROUP_NFILTERS_INCREASE;
                size = sizeof(*set) + size * sizeof(struct btrfs_qgroup_filter);
 
+               tmp = set;
                set = realloc(set, size);
                if (!set) {
                        fprintf(stderr, "memory allocation failed\n");
+                       free(tmp);
                        exit(1);
                }
                memset(&set->filters[set->total], 0,