From d0cd30eb8137c0f14034aeb22c9f00cd70ccc98c Mon Sep 17 00:00:00 2001
From: "Andrew F. Davis" <afd@ti.com>
Date: Thu, 16 May 2019 09:34:31 -0500
Subject: [PATCH] fs: fat: Fix possible double free of fatbuf

fat_itr_root() allocates fatbuf so we free it on the exit path, if
the function fails we should not free it, check the return value
and skip freeing if the function fails.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 fs/fat/fat.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/fs/fat/fat.c b/fs/fat/fat.c
index c5997c2..06c8ed1 100644
--- a/fs/fat/fat.c
+++ b/fs/fat/fat.c
@@ -1134,11 +1134,12 @@ int fat_size(const char *filename, loff_t *size)
 		 * expected to fail if passed a directory path:
 		 */
 		free(fsdata.fatbuf);
-		fat_itr_root(itr, &fsdata);
-		if (!fat_itr_resolve(itr, filename, TYPE_DIR)) {
+		ret = fat_itr_root(itr, &fsdata);
+		if (ret)
+			goto out_free_itr;
+		ret = fat_itr_resolve(itr, filename, TYPE_DIR);
+		if (!ret)
 			*size = 0;
-			ret = 0;
-		}
 		goto out_free_both;
 	}
 
-- 
2.7.4