From 16b5b997d78e3d37a93701f9f32f91ae33ebb8fe Mon Sep 17 00:00:00 2001 From: David Oberhollenzer Date: Fri, 2 Aug 2019 15:40:12 +0200 Subject: Fix potential double free of xattr reader id_block_starts Signed-off-by: David Oberhollenzer --- lib/sqfs/xattr_reader.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/sqfs/xattr_reader.c b/lib/sqfs/xattr_reader.c index 4383e89..42a7e51 100644 --- a/lib/sqfs/xattr_reader.c +++ b/lib/sqfs/xattr_reader.c @@ -64,8 +64,7 @@ static int get_id_block_locations(xattr_reader_t *xr, int sqfsfd, super->xattr_id_table_start + sizeof(idtbl), sqfsfd, xr->id_block_starts, sizeof(xr->id_block_starts[0]) * xr->num_id_blocks)) { - free(xr->id_block_starts); - return -1; + goto fail; } for (i = 0; i < xr->num_id_blocks; ++i) { @@ -74,12 +73,15 @@ static int get_id_block_locations(xattr_reader_t *xr, int sqfsfd, if (xr->id_block_starts[i] > super->bytes_used) { fputs("found xattr ID block that is past " "end of filesystem\n", stderr); - free(xr->id_block_starts); - return -1; + goto fail; } } return 0; +fail: + free(xr->id_block_starts); + xr->id_block_starts = NULL; + return -1; } static int get_xattr_desc(xattr_reader_t *xr, uint32_t idx, -- cgit v1.2.3