jffs2: Fix memory leak in jffs2_scan_eraseblock() error path

In jffs2_scan_eraseblock(), 'sumptr' is allocated through kmalloc() if 'sumlen' is larger than 'buf_size'. However, it is not deallocated in the following execution if jffs2_fill_scan_buf() fails, leading to a memory leak bug. To fix this issue, free 'sumptr' before returning the error. Signed-off-by: Wenwen Wang <[email protected]> Signed-off-by: Richard Weinberger <[email protected]>
ambv · Sep 15, 2019 · 6a379f6 · 6a379f6
1 parent 61b875e
commit 6a379f6
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c
@@ -527,8 +527,11 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
 					err = jffs2_fill_scan_buf(c, sumptr, 
 								  jeb->offset + c->sector_size - sumlen,
 								  sumlen - buf_len);				
-					if (err)
+					if (err) {
+						if (sumlen > buf_size)
+							kfree(sumptr);
 						return err;
+					}
 				}
 			}