projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 61b875e)
jffs2: Fix memory leak in jffs2_scan_eraseblock() error path
authorWenwen Wang <wenwen@cs.uga.edu>
Mon, 19 Aug 2019 21:55:04 +0000 (16:55 -0500)
committerRichard Weinberger <richard@nod.at>
Sun, 15 Sep 2019 20:42:41 +0000 (22:42 +0200)
In jffs2_scan_eraseblock(), 'sumptr' is allocated through kmalloc() if
'sumlen' is larger than 'buf_size'. However, it is not deallocated in the
following execution if jffs2_fill_scan_buf() fails, leading to a memory
leak bug. To fix this issue, free 'sumptr' before returning the error.

Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Signed-off-by: Richard Weinberger <richard@nod.at>
fs/jffs2/scan.c patch | blob | history

diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c
index 90431dd613b8db1bd699c6cc1eaff6a5608fde46..5f7e284e0df36112b8881eb592b5cc6e185d4e9d 100644 (file)
--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -527,8 +527,11 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
                                        err = jffs2_fill_scan_buf(c, sumptr, 
                                                                  jeb->offset + c->sector_size - sumlen,
                                                                  sumlen - buf_len);                            
-                                       if (err)
+                                       if (err) {
+                                               if (sumlen > buf_size)
+                                                       kfree(sumptr);
                                                return err;
+                                       }
                                }
                        }
 
John Crispins staging tree