diff options
author | Alessio Balsini <balsini@android.com> | 2019-10-21 11:02:32 +0100 |
---|---|---|
committer | Rob Landley <rob@landley.net> | 2019-10-26 17:36:46 -0500 |
commit | 55d937611597a4e54a17b344c81810ad1fe9f75d (patch) | |
tree | 53934600cf92e250de21996c4dfe8e1e5342d380 | |
parent | 49feb50f22e2db90556f79dbc0de36f8ecb8b521 (diff) | |
download | toybox-55d937611597a4e54a17b344c81810ad1fe9f75d.tar.gz |
losetup: Fix memory leaks in loopback_setup()
The function loopback_setup() uses xabspath() to get the loopback path.
This function allocates dynamic memory which should be freed by the
function caller.
But there are early return cases where the dynamic memory is not freed.
Besides the special cases of perror_exit(), for which the "early" free
operation is simply used to silence memory analysis tools, the
if (racy && errno == EBUSY) return 1;
branch may be a real cause of memory leak.
Fix by adding a new free() in the racy+EBUSY branch and anticipating the
existing free().
Signed-off-by: Alessio Balsini <balsini@android.com>
-rw-r--r-- | toys/other/losetup.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/toys/other/losetup.c b/toys/other/losetup.c index 917e64ea..7f91ba1f 100644 --- a/toys/other/losetup.c +++ b/toys/other/losetup.c @@ -107,15 +107,16 @@ static int loopback_setup(char *device, char *file) if (!s) perror_exit("file"); // already opened, but if deleted since... if (ioctl(lfd, LOOP_SET_FD, ffd)) { + free(s); if (racy && errno == EBUSY) return 1; perror_exit("%s=%s", device, file); } + xstrncpy((char *)loop->lo_file_name, s, LO_NAME_SIZE); + free(s); loop->lo_offset = TT.o; loop->lo_sizelimit = TT.S; - xstrncpy((char *)loop->lo_file_name, s, LO_NAME_SIZE); if (ioctl(lfd, LOOP_SET_STATUS64, loop)) perror_exit("%s=%s", device, file); if (FLAG(s)) puts(device); - free(s); } else { xprintf("%s: [%lld]:%llu (%s)", device, (long long)loop->lo_device, |