In omfs_get_imap(), 'sbi->s_imap' is allocated through kcalloc(). However,
it is not deallocated in the following execution if 'block' is not less
than 'sbi->s_num_blocks', leading to a memory leak bug. To fix this issue,
go to the 'nomem_free' label to free 'sbi->s_imap'.
Signed-off-by: Wenwen Wang <[email protected]>
---
fs/omfs/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c
index 08226a8..e4d89a6 100644
--- a/fs/omfs/inode.c
+++ b/fs/omfs/inode.c
@@ -356,7 +356,7 @@ static int omfs_get_imap(struct super_block *sb)
block = clus_to_blk(sbi, sbi->s_bitmap_ino);
if (block >= sbi->s_num_blocks)
- goto nomem;
+ goto nomem_free;
ptr = sbi->s_imap;
for (count = bitmap_size; count > 0; count -= sb->s_blocksize) {
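Review bot: The changed jump under `if (block >= sbi->s_num_blocks)` now sends a range-check failure to a label named `nomem_free`, so a bad bitmap block number will be reported with whatever error the allocation-failure path returns. The label body is outside this hunk, so please confirm that return value is the one intended for this case, or set a distinct error before the jump. The jump is also taken before the `for (count = bitmap_size; ...)` loop that follows has run, so it would help to state in the commit message that `nomem_free` is safe when only the kcalloc()-allocated `sbi->s_imap` exists and nothing further has been set up.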
--
2.7.4
On Tue, Aug 20, 2019 at 01:22:59AM -0500, Wenwen Wang wrote:
> In omfs_get_imap(), 'sbi->s_imap' is allocated through kcalloc(). However,
> it is not deallocated in the following execution if 'block' is not less
> than 'sbi->s_num_blocks', leading to a memory leak bug. To fix this issue,
> go to the 'nomem_free' label to free 'sbi->s_imap'.
Nice catch, thanks.
Acked-by: Bob Copeland <[email protected]>
--
Bob Copeland %% https://bobcopeland.com/