diff options
| author | Richard Genoud <richard.genoud@posteo.net> | 2020-11-03 12:11:05 +0100 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2020-11-19 09:45:49 -0500 |
| commit | 01e71ec61ab84bcdd4df708f8930d5acf1c2674d (patch) | |
| tree | 62d447ffec67dad617cf3e01ab0376816db04b4b /fs | |
| parent | 7d23b2c5fb093142400467d8b81ba84786ed6f2c (diff) | |
fs/squashfs: sqfs_search_dir: fix dangling pointer
dirs->entry shouldn't be left dangling as it could be freed twice.
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/squashfs/sqfs.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c index 9d460e8bed..78893b5c85 100644 --- a/fs/squashfs/sqfs.c +++ b/fs/squashfs/sqfs.c @@ -485,6 +485,7 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list, if (!ret) break; free(dirs->entry); + dirs->entry = NULL; } if (ret) { @@ -530,6 +531,7 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list, if (ret) return -EINVAL; free(dirs->entry); + dirs->entry = NULL; ret = sqfs_search_dir(dirs, sym_tokens, token_count, m_list, m_count); @@ -537,6 +539,7 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list, } else if (!sqfs_is_dir(get_unaligned_le16(&dir->inode_type))) { printf("** Cannot find directory. **\n"); free(dirs->entry); + dirs->entry = NULL; return -EINVAL; } @@ -556,6 +559,7 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list, if (sqfs_is_empty_dir(table)) { printf("Empty directory.\n"); free(dirs->entry); + dirs->entry = NULL; return SQFS_EMPTY_DIR; } @@ -564,6 +568,7 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list, dirs->entry_count = dirs->dir_header->count + 1; dirs->size -= SQFS_DIR_HEADER_SIZE; free(dirs->entry); + dirs->entry = NULL; } offset = sqfs_dir_offset(table, m_list, m_count); |