Reviewed-by Joao Marcos Costa <jmcosta...@gmail.com> Em ter., 3 de nov. de 2020 às 08:12, Richard Genoud < richard.gen...@posteo.net> escreveu:
> if sqfs_tokenize(rel_tokens, rc, rel); fails, the function exits
> without freeing the array base_tokens.
>
> Signed-off-by: Richard Genoud <richard.gen...@posteo.net>
> ---
> fs/squashfs/sqfs.c | 32 ++++++++++++++++++--------------
> 1 file changed, 18 insertions(+), 14 deletions(-)
>
> diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
> index 825d5d13fa2..f41deece0ae 100644
> --- a/fs/squashfs/sqfs.c
> +++ b/fs/squashfs/sqfs.c
> @@ -340,28 +340,31 @@ static char *sqfs_get_abs_path(const char *base,
> const char *rel)
> char **base_tokens, **rel_tokens, *resolved = NULL;
> int ret, bc, rc, i, updir = 0, resolved_size = 0, offset = 0;
>
> + base_tokens = NULL;
> + rel_tokens = NULL;
> +
> /* Memory allocation for the token lists */
> bc = sqfs_count_tokens(base);
> rc = sqfs_count_tokens(rel);
> if (bc < 1 || rc < 1)
> return NULL;
>
> - base_tokens = malloc(bc * sizeof(char *));
> + base_tokens = calloc(bc, sizeof(char *));
> if (!base_tokens)
> return NULL;
>
> - rel_tokens = malloc(rc * sizeof(char *));
> + rel_tokens = calloc(rc, sizeof(char *));
> if (!rel_tokens)
> - goto free_b_tokens;
> + goto out;
>
> /* Fill token lists */
> ret = sqfs_tokenize(base_tokens, bc, base);
> if (ret)
> - goto free_r_tokens;
> + goto out;
>
> ret = sqfs_tokenize(rel_tokens, rc, rel);
> if (ret)
> - goto free_r_tokens;
> + goto out;
>
> /* count '..' occurrences in target path */
> for (i = 0; i < rc; i++) {
> @@ -372,7 +375,7 @@ static char *sqfs_get_abs_path(const char *base, const
> char *rel)
> /* Remove the last token and the '..' occurrences */
> bc = sqfs_clean_base_path(base_tokens, bc, updir);
> if (bc < 0)
> - goto free_r_tokens;
> + goto out;
>
> /* Calculate resolved path size */
> if (!bc)
> @@ -383,7 +386,7 @@ static char *sqfs_get_abs_path(const char *base, const
> char *rel)
>
> resolved = malloc(resolved_size + 1);
> if (!resolved)
> - goto free_r_tokens_loop;
> + goto out;
>
> /* Set resolved path */
> memset(resolved, '\0', resolved_size + 1);
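Review bot: The two `sqfs_tokenize()` failure paths in the first hunk now reach the per-element free loops at `out:`, which is only safe while every slot holds either NULL or a live allocation. `calloc()` guarantees that for slots that were never written, but `sqfs_tokenize()` is not shown here; if it releases entries it already filled before returning an error and leaves the pointers in place, they would be freed a second time at `out:`. I would record the contract next to the allocations, e.g. `/* zeroed so the free loops at out: are safe on partially filled lists */`, and confirm that the helper leaves no stale pointers behind on failure. The body of `sqfs_get_abs_path()` continues outside this hunk.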
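Review bot: On the `if (bc < 0) goto out;` path in the second hunk, the cleanup loop `for (i = 0; i < bc; i++)` at `out:` never executes, because `bc` has just been overwritten with the negative return value, so no `base_tokens[i]` string is released there. Whether that leaks, or whether some entries were already freed, depends on `sqfs_clean_base_path()`, which is not visible in this patch. Keeping the return value apart from the count, `ret = sqfs_clean_base_path(base_tokens, bc, updir);` then `if (ret < 0) goto out;` and `bc = ret;`, leaves the loop bound valid on the error path; that is only correct if the helper sets any entry it frees to NULL, which should be checked. The function body starts and ends outside this hunk.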
> @@ -391,14 +394,15 @@ static char *sqfs_get_abs_path(const char *base,
> const char *rel)
> resolved[offset++] = '/';
> offset += sqfs_join(rel_tokens, resolved + offset, updir, rc, '/');
>
> -free_r_tokens_loop:
> - for (i = 0; i < rc; i++)
> - free(rel_tokens[i]);
> - for (i = 0; i < bc; i++)
> - free(base_tokens[i]);
> -free_r_tokens:
> +out:
> + if (rel_tokens)
> + for (i = 0; i < rc; i++)
> + free(rel_tokens[i]);
> + if (base_tokens)
> + for (i = 0; i < bc; i++)
> + free(base_tokens[i]);
> +
> free(rel_tokens);
> -free_b_tokens:
> free(base_tokens);
>
> return resolved;
> -- Atenciosamente, João Marcos Costa www.linkedin.com/in/jmarcoscosta/ https://github.com/jmarcoscosta
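Review bot: The `if (base_tokens)` guard at `out:` can never be false, because the only path on which that allocation fails returns directly with `return NULL;` in the first hunk and never jumps here; only the `rel_tokens` guard is reachable with a NULL pointer. Both guards also nest a `for` under an `if` without braces, which is easy to break when the cleanup is extended later. I would drop the dead guard and brace the remaining one, `if (rel_tokens) {` … `}`. The separate `base_tokens = NULL; rel_tokens = NULL;` assignments could likewise become initialisers on the declaration line, `char **base_tokens = NULL, **rel_tokens = NULL, *resolved = NULL;`.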