From: Jan Beulich <jbeulich@suse.com>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
George Dunlap <george.dunlap@citrix.com>,
Julien Grall <julien@xen.org>,
Stefano Stabellini <sstabellini@kernel.org>
Subject: [PATCH] gunzip: don't leak memory on error paths
Date: Mon, 6 May 2024 10:08:40 +0200 [thread overview]
Message-ID: <33b93fdf-bf16-49b8-aec2-0b2c19f5c471@suse.com> (raw)
While decompression errors are likely going to be fatal to Xen's boot
process anyway, the latest with the goal of doing multiple decompressor
runs it is likely better to avoid leaks even on error paths. All the
more when this way code size actually shrinks a tiny bit.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
This is quite the opposite of Coverity reporting use-after-free-s and
free-after-free-s in inflate_dynamic() for tl and td, for an unclear to
me reason.
--- a/xen/common/gzip/inflate.c
+++ b/xen/common/gzip/inflate.c
@@ -757,16 +757,14 @@ static int noinline __init inflate_fixed
}
/* decompress until an end-of-block code */
- if (inflate_codes(tl, td, bl, bd)) {
- free(l);
- return 1;
- }
+ i = inflate_codes(tl, td, bl, bd);
/* free the decoding tables, return */
free(l);
huft_free(tl);
huft_free(td);
- return 0;
+
+ return !!i;
}
/*
@@ -940,19 +938,17 @@ static int noinline __init inflate_dynam
DEBG("dyn6 ");
/* decompress until an end-of-block code */
- if (inflate_codes(tl, td, bl, bd)) {
- ret = 1;
- goto out;
- }
+ ret = !!inflate_codes(tl, td, bl, bd);
- DEBG("dyn7 ");
+ if (!ret)
+ DEBG("dyn7 ");
/* free the decoding tables, return */
huft_free(tl);
huft_free(td);
- DEBG(">");
- ret = 0;
+ if (!ret)
+ DEBG(">");
out:
free(ll);
return ret;
next reply other threads:[~2024-05-06 8:09 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-06 8:08 Jan Beulich [this message]
2024-05-08 23:43 ` [PATCH] gunzip: don't leak memory on error paths Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=33b93fdf-bf16-49b8-aec2-0b2c19f5c471@suse.com \
--to=jbeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=george.dunlap@citrix.com \
--cc=julien@xen.org \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).