From: Andrew Goodbody <andrew.goodbody@linaro.org>
Date: Thu, 2 Oct 2025 10:36:09 +0000 (+0100)
Subject: fs/squashfs: Ensure memory is freed by using unwind goto
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=87b7eaf3244e1a991404602c3422a4ce06bfae55;p=thirdparty%2Fu-boot.git

fs/squashfs: Ensure memory is freed by using unwind goto

Returning immediately from sqfs_read_nest is not consistent with other
error checks in this function and can lead to memory leaks. Instead use
the unwind goto used elsewhere to ensure that the memory is freed.

This issue was found by Smatch.

Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Acked-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
---

diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
index 2dcdd60f683..4d3d83b7587 100644
--- a/fs/squashfs/sqfs.c
+++ b/fs/squashfs/sqfs.c
@@ -1584,8 +1584,10 @@ static int sqfs_read_nest(const char *filename, void *buf, loff_t offset,
 	table_offset = frag_entry.start - (start * ctxt.cur_dev->blksz);
 	n_blks = DIV_ROUND_UP(table_size + table_offset, ctxt.cur_dev->blksz);
 
-	if (__builtin_mul_overflow(n_blks, ctxt.cur_dev->blksz, &buf_size))
-		return -EINVAL;
+	if (__builtin_mul_overflow(n_blks, ctxt.cur_dev->blksz, &buf_size)) {
+		ret = -EINVAL;
+		goto out;
+	}
 
 	fragment = malloc_cache_aligned(buf_size);