From: Li Zhong Date: Thu, 26 Sep 2013 06:45:32 +0000 (+0000) Subject: [v3, 1/2] xfsprogs: fix potential memory leak in verify_set_primary_sb() X-Git-Tag: v3.2.0-alpha2~71 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=548c2e3e5b123266b4b89cc81bedd113442570b8;p=thirdparty%2Fxfsprogs-dev.git [v3, 1/2] xfsprogs: fix potential memory leak in verify_set_primary_sb() If verify_set_primary_sb() completes the secondary sb scanning loop with too few valid secondaries found (num_ok < num_sbs / 2), it will immediately return without freeing any of the previously allocated memory (variables sb, checked, and any items on the geo list). This was reported by the Coverity scanner as CID 997012, 997013 and 997014. Fix this by using the out_free_list: goto target for this error case. Earlier, if get_sb() fails in the secondary scan loop, it goes to the out: target which does not free any items on the geo list. Fix this by using the out_free_list: target as well, and remove the now-unused out: target. Signed-off-by: Li Zhong Reviewed-by: Eric Sandeen Reviewed-by: Mark Tinguely Signed-off-by: Rich Johnston --- diff --git a/repair/sb.c b/repair/sb.c index aa550e391..d34d7a2a1 100644 --- a/repair/sb.c +++ b/repair/sb.c @@ -733,7 +733,7 @@ verify_set_primary_sb(xfs_sb_t *rsb, if (get_sb(sb, off, size, agno) == XR_EOF) { retval = 1; - goto out; + goto out_free_list; } if (verify_sb(sb, 0) == XR_OK) { @@ -756,8 +756,10 @@ verify_set_primary_sb(xfs_sb_t *rsb, /* * see if we have enough superblocks to bother with */ - if (num_ok < num_sbs / 2) - return(XR_INSUFF_SEC_SB); + if (num_ok < num_sbs / 2) { + retval = XR_INSUFF_SEC_SB; + goto out_free_list; + } current = get_best_geo(list); @@ -841,7 +843,6 @@ verify_set_primary_sb(xfs_sb_t *rsb, out_free_list: free_geo(list); -out: free(sb); free(checked); return(retval);