Hello,

On 4/14/25 15:19, Heinrich Schuchardt wrote:
* Use calloc() to allocate token_list. This avoids an illegal free if
   sqfs_tokenize() fails.
* Do not iterate over token_list if it has not been allocated.

Addresses-Coverity-ID: 510453:  Null pointer dereferences  (FORWARD_NULL)
Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
---
v2:
        Fix typo in subject line
---
  fs/squashfs/sqfs.c | 10 ++++++----
  1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
index 7c364686f14..2dcdd60f683 100644
--- a/fs/squashfs/sqfs.c
+++ b/fs/squashfs/sqfs.c
@@ -949,7 +949,7 @@ static int sqfs_opendir_nest(const char *filename, struct 
fs_dir_stream **dirsp)
                goto out;
        }
- token_list = malloc(token_count * sizeof(char *));
+       token_list = calloc(token_count, sizeof(char *));
        if (!token_list) {
                ret = -EINVAL;
                goto out;
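Review bot: The allocation-failure branch right after the new `calloc()` still sets `ret = -EINVAL`, so an out-of-memory condition is reported as an invalid argument; `ret = -ENOMEM;` would let callers tell the two apart. Separately, the zeroed array is what makes the `free(token_list[j])` loop at `out:` safe when `sqfs_tokenize()` fills only some of the slots. A short comment above the call, e.g. `/* zeroed so the cleanup loop can free a partially filled list */`, would discourage a later change back to `malloc()`. The body of `sqfs_opendir_nest()` starts and ends outside this hunk.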
@@ -987,9 +987,11 @@ static int sqfs_opendir_nest(const char *filename, struct 
fs_dir_stream **dirsp)
        *dirsp = (struct fs_dir_stream *)dirs;
out:
-       for (j = 0; j < token_count; j++)
-               free(token_list[j]);
-       free(token_list);
+       if (token_list) {
+               for (j = 0; j < token_count; j++)
+                       free(token_list[j]);
+               free(token_list);
+       }
        free(pos_list);
        free(path);
        if (ret) {
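Review bot: The new `if (token_list)` guard only helps if `token_list` is NULL on every path that reaches `out:` before the allocation, such as the `goto out` just above the `calloc()` in the first hunk. The declaration is not visible in the hunks shown, so confirm it is initialised, e.g. `char **token_list = NULL;`; otherwise the guard tests an indeterminate pointer. Since `free(NULL)` is a no-op, the guard is there for the `token_list[j]` dereference in the loop, and a one-line comment such as `/* token_list is NULL if we bailed out before allocating it */` would record that. The function body continues past the end of this hunk.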

Reviewed-by: Joao Marcos Costa <joaomarcos.co...@bootlin.com>
--
Best regards,
João Marcos Costa
