Commit 6e4ea8e3 authored by Dave Jones's avatar Dave Jones Committed by Theodore Ts'o
Browse files

ext4: fix memory leak in xattr 



If we take the 2nd retry path in ext4_expand_extra_isize_ea, we
potentionally return from the function without having freed these
allocations.  If we don't do the return, we over-write the previous
allocation pointers, so we leak either way.

Spotted with Coverity.

[ Fixed by tytso to set is and bs to NULL after freeing these
  pointers, in case in the retry loop we later end up triggering an
  error causing a jump to cleanup, at which point we could have a double
  free bug. -- Ted ]

Signed-off-by: default avatarDave Jones <davej@fedoraproject.org>
Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: default avatarEric Sandeen <sandeen@redhat.com>
Cc: stable@vger.kernel.org
parent 9c12a831

fs/ext4/xattr.c

+2 −0
Original line number Diff line number Diff line
@@ -1350,6 +1350,8 @@ retry: 
				    s_min_extra_isize) {

					tried_min_extra_isize++;

					new_extra_isize = s_min_extra_isize;

					kfree(is); is = NULL;

					kfree(bs); bs = NULL;

					goto retry;

				}

				error = -1;

CRA Git | Maintained and supported by SUSTech CRA and CCSE