[PATCH] gunzip: don't leak memory on error paths

Xen-Devel Archive mirror
 help / color / mirror / Atom feed

From: Jan Beulich <jbeulich@suse.com>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
	George Dunlap <george.dunlap@citrix.com>,
	Julien Grall <julien@xen.org>,
	Stefano Stabellini <sstabellini@kernel.org>
Subject: [PATCH] gunzip: don't leak memory on error paths
Date: Mon, 6 May 2024 10:08:40 +0200	[thread overview]
Message-ID: <33b93fdf-bf16-49b8-aec2-0b2c19f5c471@suse.com> (raw)

While decompression errors are likely going to be fatal to Xen's boot
process anyway, the latest with the goal of doing multiple decompressor
runs it is likely better to avoid leaks even on error paths. All the
more when this way code size actually shrinks a tiny bit.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
This is quite the opposite of Coverity reporting use-after-free-s and
free-after-free-s in inflate_dynamic() for tl and td, for an unclear to
me reason.

--- a/xen/common/gzip/inflate.c
+++ b/xen/common/gzip/inflate.c
@@ -757,16 +757,14 @@ static int noinline __init inflate_fixed
     }
 
     /* decompress until an end-of-block code */
-    if (inflate_codes(tl, td, bl, bd)) {
-        free(l);
-        return 1;
-    }
+    i = inflate_codes(tl, td, bl, bd);
 
     /* free the decoding tables, return */
     free(l);
     huft_free(tl);
     huft_free(td);
-    return 0;
+
+    return !!i;
 }
 
 /*
@@ -940,19 +938,17 @@ static int noinline __init inflate_dynam
     DEBG("dyn6 ");
 
     /* decompress until an end-of-block code */
-    if (inflate_codes(tl, td, bl, bd)) {
-        ret = 1;
-        goto out;
-    }
+    ret = !!inflate_codes(tl, td, bl, bd);
 
-    DEBG("dyn7 ");
+    if (!ret)
+       DEBG("dyn7 ");
 
     /* free the decoding tables, return */
     huft_free(tl);
     huft_free(td);
 
-    DEBG(">");
-    ret = 0;
+    if (!ret)
+       DEBG(">");
  out:
     free(ll);
     return ret;

next             reply	other threads:[~2024-05-06  8:09 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-05-06  8:08 Jan Beulich [this message]
2024-05-08 23:43 ` [PATCH] gunzip: don't leak memory on error paths Andrew Cooper

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=33b93fdf-bf16-49b8-aec2-0b2c19f5c471@suse.com \
    --to=jbeulich@suse.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=george.dunlap@citrix.com \
    --cc=julien@xen.org \
    --cc=sstabellini@kernel.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).