jffs2: fix NULL pointer dereference in jffs2_scan_medium

hulk inclusion category: bugfix bugzilla: 185988, https://gitee.com/openeuler/kernel/issues/I4YVV3 -------------------------------- In jffs2_scan_medium, if `s = kzalloc(sizeof(struct jffs2_summary), GFP_KERNEL);` returns error, go to "out" to do clear. Null pointer dereference occurs when `if (s->sum_list_head)` is executed in "out". Fixes: bf7ba557361f ("[Huawei] jffs2: fix memory leak in jffs2_scan_medium") Signed-off-by: N Baokun Li <libaokun1@huawei.com> Reviewed-by: N Zhang Yi <yi.zhang@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

jffs2: fix NULL pointer dereference in jffs2_scan_medium
hulk inclusion category: bugfix bugzilla: 185988, https://gitee.com/openeuler/kernel/issues/I4YVV3 -------------------------------- In jffs2_scan_medium, if `s = kzalloc(sizeof(struct jffs2_summary), GFP_KERNEL);` returns error, go to "out" to do clear. Null pointer dereference occurs when `if (s->sum_list_head)` is executed in "out". Fixes: bf7ba557361f ("[Huawei] jffs2: fix memory leak in jffs2_scan_medium") Signed-off-by: N Baokun Li <libaokun1@huawei.com> Reviewed-by: N Zhang Yi <yi.zhang@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
2050f67f · Baokun Li · Zheng Zengkai · 80431881 · 2050f67f
隐藏空白更改
内联并排

Showing with 4 addition and 4 deletion

fs/jffs2/scan.c fs/jffs2/scan.c +4 -4

未找到文件。
--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -136,7 +136,7 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
 		if (!s) {
 			JFFS2_WARNING("Can't allocate memory for summary\n");
 			ret = -ENOMEM;
-			goto out;
+			goto out_buf;
 		}
 	}

@@ -275,15 +275,15 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
 	}
 	ret = 0;
 out:
+	jffs2_sum_reset_collected(s);
+	kfree(s);
+ out_buf:
 	if (buf_size)
 		kfree(flashbuf);
 #ifndef __ECOS
 	else
 		mtd_unpoint(c->mtd, 0, c->mtd->size);
 #endif
-	if (s->sum_list_head)
-		jffs2_sum_reset_collected(s);
-	kfree(s);
 	return ret;
 }