In ubifs_mount(), 'c' is allocated through kzalloc() in alloc_ubifs_info().
However, it is not deallocated in the following execution if
ubifs_fill_super() fails, leading to a memory leak bug. To fix this issue,
free 'c' before going to the 'out_deact' label.

Signed-off-by: Wenwen Wang <wen...@cs.uga.edu>
---
 fs/ubifs/super.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index 2c0803b..46e30e2 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -2252,8 +2252,10 @@ static struct dentry *ubifs_mount(struct 
file_system_type *fs_type, int flags,
                }
        } else {
                err = ubifs_fill_super(sb, data, flags & SB_SILENT ? 1 : 0);
-               if (err)
+               if (err) {
+                       kfree(c);
                        goto out_deact;
+               }
                /* We do not support atime */
                sb->s_flags |= SB_ACTIVE;
                if (IS_ENABLED(CONFIG_UBIFS_ATIME_SUPPORT))
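Review bot: The kfree(c) added in the "if (err)" branch runs immediately before "goto out_deact", and neither the hunk nor the commit message shows what the out_deact teardown does with sb. sb has just been handed to ubifs_fill_super(), so if the superblock already holds a pointer to c and the teardown releases it, this change turns a suspected leak into a double free. Please state in the commit message which path you traced from out_deact to conclude that c is not freed there. If the teardown does own c, the kfree() should be dropped.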
-- 
2.7.4
