From: Richard Genoud <richard.genoud@posteo.net>
Date: Tue, 3 Nov 2020 11:11:09 +0000 (+0100)
Subject: fs/squashfs: sqfs_size: fix dangling pointer dirs->entry
X-Git-Tag: accepted/tizen/unified/20210106.123546~17
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2a70587e0a522b8186cd99df7d2dda20d73e5413;p=platform%2Fkernel%2Fu-boot.git

fs/squashfs: sqfs_size: fix dangling pointer dirs->entry

dirs->entry shouldn't be left dangling as it could be freed twice.

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
[jh80.chung: cherry picked from mainline commit 508a9dc7f694df11c7de7460f888f508e40a2046]
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>

Change-Id: I9f03d0d18e49f3ad0b5b7f1ca6f48625c00e46aa
---

diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
index f4ecb08..c3b662e 100644
--- a/fs/squashfs/sqfs.c
+++ b/fs/squashfs/sqfs.c
@@ -1572,6 +1572,7 @@ int sqfs_size(const char *filename, loff_t *size)
 		if (!ret)
 			break;
 		free(dirs->entry);
+		dirs->entry = NULL;
 	}
 
 	if (ret) {
@@ -1585,6 +1586,7 @@ int sqfs_size(const char *filename, loff_t *size)
 	ipos = sqfs_find_inode(dirs->inode_table, i_number, sblk->inodes,
 			       sblk->block_size);
 	free(dirs->entry);
+	dirs->entry = NULL;
 
 	base = (struct squashfs_base_inode *)ipos;
 	switch (get_unaligned_le16(&base->inode_type)) {