On Wed, Jul 06, 2016 at 09:32:50PM +0200, Lucas Stach wrote:
> Need to go through the regular error path in order to free
> "buf" correctly.
>
> Signed-off-by: Lucas Stach <dev@xxxxxxxxxx>
> ---
> fs/ubifs/lprops.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ubifs/lprops.c b/fs/ubifs/lprops.c
> index 28a1d3d..f880a89 100644
> --- a/fs/ubifs/lprops.c
> +++ b/fs/ubifs/lprops.c
> @@ -1095,14 +1095,16 @@ static int scan_check_cb(struct ubifs_info *c,
> lst->empty_lebs += 1;
> lst->total_free += c->leb_size;
> lst->total_dark += ubifs_calc_dark(c, c->leb_size);
> - return LPT_SCAN_CONTINUE;
> + ret = LPT_SCAN_CONTINUE;
> + goto out;
> }
> if (lp->free + lp->dirty == c->leb_size &&
> !(lp->flags & LPROPS_INDEX)) {
> lst->total_free += lp->free;
> lst->total_dirty += lp->dirty;
> lst->total_dark += ubifs_calc_dark(c, c->leb_size);
> - return LPT_SCAN_CONTINUE;
> + ret = LPT_SCAN_CONTINUE;
> + goto out;
> }
>
> sleb = ubifs_scan(c, lnum, 0, buf, 0);
"buf' is only used after these two if() blocks, so it should simply be
allocated afterwards.
The same bug is also present in the kernel, so you might want to send it
there aswell.
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
