From: Sascha Hauer <s.hauer@pengutronix.de>
To: Lucas Stach <dev@lynxeye.de>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH 3/5] ubifs: fix potential memory leak
Date: Thu, 7 Jul 2016 09:06:27 +0200 [thread overview]
Message-ID: <20160707070627.GY20657@pengutronix.de> (raw)
In-Reply-To: <1467833572-26162-3-git-send-email-dev@lynxeye.de>
On Wed, Jul 06, 2016 at 09:32:50PM +0200, Lucas Stach wrote:
> Need to go through the regular error path in order to free
> "buf" correctly.
>
> Signed-off-by: Lucas Stach <dev@lynxeye.de>
> ---
> fs/ubifs/lprops.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ubifs/lprops.c b/fs/ubifs/lprops.c
> index 28a1d3d..f880a89 100644
> --- a/fs/ubifs/lprops.c
> +++ b/fs/ubifs/lprops.c
> @@ -1095,14 +1095,16 @@ static int scan_check_cb(struct ubifs_info *c,
> lst->empty_lebs += 1;
> lst->total_free += c->leb_size;
> lst->total_dark += ubifs_calc_dark(c, c->leb_size);
> - return LPT_SCAN_CONTINUE;
> + ret = LPT_SCAN_CONTINUE;
> + goto out;
> }
> if (lp->free + lp->dirty == c->leb_size &&
> !(lp->flags & LPROPS_INDEX)) {
> lst->total_free += lp->free;
> lst->total_dirty += lp->dirty;
> lst->total_dark += ubifs_calc_dark(c, c->leb_size);
> - return LPT_SCAN_CONTINUE;
> + ret = LPT_SCAN_CONTINUE;
> + goto out;
> }
>
> sleb = ubifs_scan(c, lnum, 0, buf, 0);
"buf' is only used after these two if() blocks, so it should simply be
allocated afterwards.
The same bug is also present in the kernel, so you might want to send it
there aswell.
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next prev parent reply other threads:[~2016-07-07 7:06 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-06 19:32 [PATCH 1/5] commands: menu: check return pointer properly Lucas Stach
2016-07-06 19:32 ` [PATCH 2/5] ARM: i.MX: iim: fix potential out of bounds array access Lucas Stach
2016-07-06 19:32 ` [PATCH 3/5] ubifs: fix potential memory leak Lucas Stach
2016-07-07 7:06 ` Sascha Hauer [this message]
2016-07-06 19:32 ` [PATCH 4/5] ubifs: fix potential NULL ptr dereference Lucas Stach
2016-07-07 7:15 ` Sascha Hauer
2016-07-06 19:32 ` [PATCH 5/5] ubifs: check return pointer properly Lucas Stach
2016-07-07 7:46 ` [PATCH 1/5] commands: menu: " Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160707070627.GY20657@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=dev@lynxeye.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox