free should be called before the function exit abnormally. Signed-off-by: Kai Song <songkai01@xxxxxxxxxx> --- kexec/kexec-uImage.c | 10 ++++++++-- util_lib/elf_info.c | 4 +++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/kexec/kexec-uImage.c b/kexec/kexec-uImage.c index eeee4be..016be10 100644 --- a/kexec/kexec-uImage.c +++ b/kexec/kexec-uImage.c @@ -157,12 +157,15 @@ static int uImage_gz_load(const char *buf, off_t len, skip = 10; /* check GZ magic */ - if (buf[0] != 0x1f || buf[1] != 0x8b) + if (buf[0] != 0x1f || buf[1] != 0x8b) { + free(uncomp_buf); return -1; + } flags = buf[3]; if (buf[2] != Z_DEFLATED || (flags & RESERVED) != 0) { puts ("Error: Bad gzipped data\n"); + free(uncomp_buf); return -1; } @@ -187,8 +190,10 @@ static int uImage_gz_load(const char *buf, off_t len, /* - activates parsing gz headers */ ret = inflateInit2(&strm, -MAX_WBITS); - if (ret != Z_OK) + if (ret != Z_OK) { + free(uncomp_buf); return -1; + } strm.next_out = uncomp_buf; strm.avail_out = mem_alloc; @@ -214,6 +219,7 @@ static int uImage_gz_load(const char *buf, off_t len, strm.next_out = uncomp_buf + mem_alloc - inc_buf; strm.avail_out = inc_buf; } else { + free(uncomp_buf); printf("Error during decompression %d\n", ret); return -1; } diff --git a/util_lib/elf_info.c b/util_lib/elf_info.c index 676926c..51d8b92 100644 --- a/util_lib/elf_info.c +++ b/util_lib/elf_info.c @@ -605,8 +605,10 @@ static int scan_notes(int fd, loff_t start, loff_t lsize) scan_vmcoreinfo(n_desc, n_descsz); } - if ((note + sizeof(Elf_Nhdr)) == last) + if ((note + sizeof(Elf_Nhdr)) == last) { + free(buf); return -1; + } free(buf); -- 2.27.0 _______________________________________________ kexec mailing list kexec@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/kexec