fs: fat: Fix possible double free of fatbuf

fat_itr_root() allocates fatbuf so we free it on the exit path, if
the function fails we should not free it, check the return value
and skip freeing if the function fails.

Signed-off-by: Andrew F. Davis <afd@ti.com>

diff --git a/fs/fat/fat.c b/fs/fat/fat.c
index c5997c2..06c8ed1 100644 (file)
--- a/fs/fat/fat.c
+++ b/fs/fat/fat.c
@@ -1134,11 +1134,12 @@ int fat_size(const char *filename, loff_t *size)
                 * expected to fail if passed a directory path:
                 */
                free(fsdata.fatbuf);
-               fat_itr_root(itr, &fsdata);
-               if (!fat_itr_resolve(itr, filename, TYPE_DIR)) {
+               ret = fat_itr_root(itr, &fsdata);
+               if (ret)
+                       goto out_free_itr;
+               ret = fat_itr_resolve(itr, filename, TYPE_DIR);
+               if (!ret)
                        *size = 0;
-                       ret = 0;
-               }
                goto out_free_both;
        }