jffs2: Fix memory leak in jffs2_scan_eraseblock() error path

In jffs2_scan_eraseblock(), 'sumptr' is allocated through kmalloc() if 'sumlen' is larger than 'buf_size'. However, it is not deallocated in the following execution if jffs2_fill_scan_buf() fails, leading to a memory leak bug. To fix this issue, free 'sumptr' before returning the error. Signed-off-by: N Wenwen Wang <wenwen@cs.uga.edu> Signed-off-by: N Richard Weinberger <richard@nod.at>

jffs2: Fix memory leak in jffs2_scan_eraseblock() error path
In jffs2_scan_eraseblock(), 'sumptr' is allocated through kmalloc() if 'sumlen' is larger than 'buf_size'. However, it is not deallocated in the following execution if jffs2_fill_scan_buf() fails, leading to a memory leak bug. To fix this issue, free 'sumptr' before returning the error. Signed-off-by: N Wenwen Wang <wenwen@cs.uga.edu> Signed-off-by: N Richard Weinberger <richard@nod.at>
6a379f67 · Wenwen Wang · Richard Weinberger · 61b875e8 · 6a379f67
隐藏空白更改
内联并排

Showing with 4 addition and 1 deletion

fs/jffs2/scan.c fs/jffs2/scan.c +4 -1

未找到文件。
--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -527,8 +527,11 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
 					err = jffs2_fill_scan_buf(c, sumptr, 
 								  jeb->offset + c->sector_size - sumlen,
 								  sumlen - buf_len);				
-					if (err)
+					if (err) {
+						if (sumlen > buf_size)
+							kfree(sumptr);
 						return err;
+					}
 				}
 			}