* Use calloc() to allocate token_list. This avoids an illegal free if sqfs_tokenize() fails. * Do not iterate over token_list if it has not been allocated.
Addresses-Coverity-ID: 510453: Null pointer dereferences (FORWARD_NULL)
Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
---
v2: Fix typo in subject line
---
 fs/squashfs/sqfs.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
index 7c364686f14..2dcdd60f683 100644
--- a/fs/squashfs/sqfs.c
+++ b/fs/squashfs/sqfs.c
@@ -949,7 +949,7 @@ static int sqfs_opendir_nest(const char *filename, struct fs_dir_stream **dirsp)
 goto out;
 }
- token_list = malloc(token_count * sizeof(char *));
+ token_list = calloc(token_count, sizeof(char *));
 if (!token_list) {
 ret = -EINVAL;
 goto out;
@@ -987,9 +987,11 @@ static int sqfs_opendir_nest(const char *filename, struct fs_dir_stream **dirsp)
 *dirsp = (struct fs_dir_stream *)dirs;
 out:
- for (j = 0; j < token_count; j++)
- free(token_list[j]);
- free(token_list);
+ if (token_list) {
+ for (j = 0; j < token_count; j++)
+ free(token_list[j]);
+ free(token_list);
+ }
 free(pos_list);
 free(path);
 if (ret) {
--
2.48.1
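Review bot: The allocation-failure branch directly after the new calloc() call still sets `ret = -EINVAL`, which reports an invalid argument when the real cause is memory exhaustion; `ret = -ENOMEM;` would be the accurate code. The zero-fill is also what makes the cleanup at `out:` safe, so a one-line comment above the call, for example `/* zero-filled: out: frees every slot, written or not */`, would keep a later edit from switching back to malloc(). sqfs_opendir_nest() begins and ends outside this hunk.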
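Review bot: The loop under `out:` still calls free() on every slot of token_list, so it is only safe when each slot holds either NULL or a live allocation. calloc() guarantees that for slots sqfs_tokenize() never wrote, but sqfs_tokenize() is not part of this patch; if its error path releases tokens it already stored without clearing them, this loop would free them a second time. That is worth confirming, and if so either sqfs_tokenize() should reset the freed slots to NULL or all freeing should be left to this block. The new `if (token_list)` guard also presumes the pointer is initialised to NULL at its declaration, which lies outside the hunk.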