[PATCH] lib: fix potential memory free failure on unlzo()

From: Namhyung Kim
Date: Sun Nov 20 2011 - 02:51:36 EST

Next message: Russell King - ARM Linux: "Re: [PATCH] arm: Add condition code check to SWP emulator"
Previous message: Justin P. Mattock: "kdump.txt new web address for kexec-tools on kernel.org after thehacking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

in_buf is dynamically allocated if @input is not given,
and adjusted as processing data on every loop. However
if block metadata is corrupted it will bail out the loop
in the middle, thus in_buf will point out wrong memory.
Fix it by freeing in_buf_save instead.

Signed-off-by: Namhyung Kim <namhyung@xxxxxxxxx>
Cc: Albin Tonnerre <albin.tonnerre@xxxxxxxxxxxxxxxxxx>
Cc: Lasse Collin <lasse.collin@xxxxxxxxxxx>
---
lib/decompress_unlzo.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/lib/decompress_unlzo.c b/lib/decompress_unlzo.c
index 5a7a2adf4c4c..4531294fa62f 100644
--- a/lib/decompress_unlzo.c
+++ b/lib/decompress_unlzo.c
@@ -279,7 +279,7 @@ STATIC inline int INIT unlzo(u8 *input, int in_len,
ret = 0;
exit_2:
if (!input)
- free(in_buf);
+ free(in_buf_save);
exit_1:
if (!output)
free(out_buf);
--
1.7.6

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Russell King - ARM Linux: "Re: [PATCH] arm: Add condition code check to SWP emulator"
Previous message: Justin P. Mattock: "kdump.txt new web address for kexec-tools on kernel.org after thehacking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]