Commit 6a379f67 authored by Wenwen Wang's avatar Wenwen Wang Committed by Richard Weinberger

jffs2: Fix memory leak in jffs2_scan_eraseblock() error path

In jffs2_scan_eraseblock(), 'sumptr' is allocated through kmalloc() if
'sumlen' is larger than 'buf_size'. However, it is not deallocated in the
following execution if jffs2_fill_scan_buf() fails, leading to a memory
leak bug. To fix this issue, free 'sumptr' before returning the error.
Signed-off-by: default avatarWenwen Wang <wenwen@cs.uga.edu>
Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
parent 61b875e8
...@@ -527,10 +527,13 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo ...@@ -527,10 +527,13 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
err = jffs2_fill_scan_buf(c, sumptr, err = jffs2_fill_scan_buf(c, sumptr,
jeb->offset + c->sector_size - sumlen, jeb->offset + c->sector_size - sumlen,
sumlen - buf_len); sumlen - buf_len);
if (err) if (err) {
if (sumlen > buf_size)
kfree(sumptr);
return err; return err;
} }
} }
}
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment