On Sat, Oct 16, 2021 at 10:19:48AM +0800, Jincheng Wang wrote: > We can delete two lines of code to avoid double free bug, but still a wild > pointers bug. > > A test for wild pointers: > sqfsls host 0 1//2/3//4/5 > > Fill the tokens list can solve it well. > > > Signed-off-by: Jincheng Wang <jc.w...@gmail.com> > --- > fs/squashfs/sqfs.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > } > > diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c > index e2d91c654c..50d3f8b71e 100644 > --- a/fs/squashfs/sqfs.c > +++ b/fs/squashfs/sqfs.c > @@ -303,8 +303,9 @@ static int sqfs_tokenize(char **tokens, int count, > const char *str) > aux = strtok(!j ? strc : NULL, "/"); > tokens[j] = strdup(aux); > if (!tokens[j]) { > - for (i = 0; i < j; i++) > - free(tokens[i]); > + /* fill tokens list to avoid wild pointers being freed*/ > + for (i = j + 1; i < count; i++) > + tokens[i] = 0; > ret = -ENOMEM; > goto free_strc;
Aside from the whitespace having been destroyed, any comments from the maintainers / reviewers? Thanks! -- Tom
signature.asc
Description: PGP signature