From: Sandeep Dhavale <dhavale@google.com>
Date: Thu, 18 Jul 2024 20:22:04 +0000 (-0700)
Subject: erofs-utils: misc: Fix potential memory leak in realloc failure path
X-Git-Tag: v1.8~17
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a3a75f7af7b2fea8db29af5fd473a0246cacbc23;p=platform%2Fupstream%2Ferofs-utils.git

erofs-utils: misc: Fix potential memory leak in realloc failure path

As realloc returns NULL on failure, the original value will be
overwritten if it is used as lvalue. Fix this by using a temporary
variable to hold the return value and exit with -ENOMEM in case of
failure. This patch fixes 2 of the realloc blocks with similar fix.

Signed-off-by: Sandeep Dhavale <dhavale@google.com>
Link: https://lore.kernel.org/r/20240718202204.1224620-1-dhavale@google.com
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
---

diff --git a/fsck/main.c b/fsck/main.c
index 8ec9486..fb66967 100644
--- a/fsck/main.c
+++ b/fsck/main.c
@@ -507,9 +507,15 @@ static int erofs_verify_inode_data(struct erofs_inode *inode, int outfd)
 
 		if (compressed) {
 			if (map.m_llen > buffer_size) {
+				char *newbuffer;
+
 				buffer_size = map.m_llen;
-				buffer = realloc(buffer, buffer_size);
-				BUG_ON(!buffer);
+				newbuffer = realloc(buffer, buffer_size);
+				if (!newbuffer) {
+					ret = -ENOMEM;
+					goto out;
+				}
+				buffer = newbuffer;
 			}
 			ret = z_erofs_read_one_data(inode, &map, raw, buffer,
 						    0, map.m_llen, false);
diff --git a/lib/data.c b/lib/data.c
index a8402ed..f37f8f0 100644
--- a/lib/data.c
+++ b/lib/data.c
@@ -337,12 +337,15 @@ static int z_erofs_read_data(struct erofs_inode *inode, char *buffer,
 		}
 
 		if (map.m_plen > bufsize) {
+			char *newraw;
+
 			bufsize = map.m_plen;
-			raw = realloc(raw, bufsize);
-			if (!raw) {
+			newraw = realloc(raw, bufsize);
+			if (!newraw) {
 				ret = -ENOMEM;
 				break;
 			}
+			raw = newraw;
 		}
 
 		ret = z_erofs_read_one_data(inode, &map, raw,