From 55d937611597a4e54a17b344c81810ad1fe9f75d Mon Sep 17 00:00:00 2001 From: Alessio Balsini Date: Mon, 21 Oct 2019 11:02:32 +0100 Subject: losetup: Fix memory leaks in loopback_setup() The function loopback_setup() uses xabspath() to get the loopback path. This function allocates dynamic memory which should be freed by the function caller. But there are early return cases where the dynamic memory is not freed. Besides the special cases of perror_exit(), for which the "early" free operation is simply used to silence memory analysis tools, the if (racy && errno == EBUSY) return 1; branch may be a real cause of memory leak. Fix by adding a new free() in the racy+EBUSY branch and anticipating the existing free(). Signed-off-by: Alessio Balsini --- toys/other/losetup.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'toys/other') diff --git a/toys/other/losetup.c b/toys/other/losetup.c index 917e64ea..7f91ba1f 100644 --- a/toys/other/losetup.c +++ b/toys/other/losetup.c @@ -107,15 +107,16 @@ static int loopback_setup(char *device, char *file) if (!s) perror_exit("file"); // already opened, but if deleted since... if (ioctl(lfd, LOOP_SET_FD, ffd)) { + free(s); if (racy && errno == EBUSY) return 1; perror_exit("%s=%s", device, file); } + xstrncpy((char *)loop->lo_file_name, s, LO_NAME_SIZE); + free(s); loop->lo_offset = TT.o; loop->lo_sizelimit = TT.S; - xstrncpy((char *)loop->lo_file_name, s, LO_NAME_SIZE); if (ioctl(lfd, LOOP_SET_STATUS64, loop)) perror_exit("%s=%s", device, file); if (FLAG(s)) puts(device); - free(s); } else { xprintf("%s: [%lld]:%llu (%s)", device, (long long)loop->lo_device, -- cgit v1.2.3