From nobody Tue Feb 10 10:04:26 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+99447+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+99447+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1675333300; cv=none;
	d=zohomail.com; s=zohoarc;
	b=cpe77sw8IzF3xJetuBO9u8GiqB7VgGZLpOxFujTTBgNPFdqyzMPIL3h9K7bFH5GNXs987EkXH7NyvWdD7MZq3K20wj42p6+CR0V4UZQUthrgeFN7AbwLyi5orN99vDVn7WK/kHdHcGrpNoieaHDG5txmj9qu/kYwO9Bcl7+sa84=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1675333300;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=Y9L45H5v7N+WBcWYysxHjb5J6mTOE6lWTogcIFFHrgY=;
	b=hgjibJ9xIQGuvL0eHY7lQC3W/xQBrxjDRK+P4ZmU8T/E/7PW+/jcf2j3+fwPDhwJ5F+jcm/teGh6eJDWXHVlISmKZWx5o11tElMjGqv0+z0evuK/HA4dcgUWRVmr0VT/wXatY9u/VVMrsHYtdFBTbnlpwB8a/kBICf0umEi5FBQ=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+99447+1787277+3901457@groups.io;
	dmarc=fail header.from=<savvamtr@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 167533330094661.27782171058084;
 Thu, 2 Feb 2023 02:21:40 -0800 (PST)
Return-Path: <bounce+27952+99447+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id FbCmYY1788612xAIFPF8ReUz;
 Thu, 02 Feb 2023 02:21:40 -0800
X-Received: from mail-ej1-f49.google.com (mail-ej1-f49.google.com
 [209.85.218.49])
 by mx.groups.io with SMTP id smtpd.web11.11509.1675333299778625849
 for <devel@edk2.groups.io>;
 Thu, 02 Feb 2023 02:21:40 -0800
X-Received: by mail-ej1-f49.google.com with SMTP id ml19so4716064ejb.0
        for <devel@edk2.groups.io>; Thu, 02 Feb 2023 02:21:39 -0800 (PST)
X-Gm-Message-State: IMhv9l2EDUp5vacw2Q81AQYSx1787277AA=
X-Google-Smtp-Source: 
 AK7set+wLOlBaPT6q9JjT2AWGNlX0XMnOZOS3p4zXKK8NHmmr+zKo0kvL8g9Q6mnxRxBGcp7jbDs5Q==
X-Received: by 2002:a17:906:b5a:b0:878:72f7:bd99 with SMTP id
 v26-20020a1709060b5a00b0087872f7bd99mr5850588ejg.6.1675333297979;
        Thu, 02 Feb 2023 02:21:37 -0800 (PST)
X-Received: from localhost.localdomain ([176.62.67.29])
        by smtp.gmail.com with ESMTPSA id
 ci22-20020a170906c35600b0087bcda2b07bsm10013121ejb.202.2023.02.02.02.21.37
        (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256);
        Thu, 02 Feb 2023 02:21:37 -0800 (PST)
From: "Savva Mitrofanov" <savvamtr@gmail.com>
To: devel@edk2.groups.io
Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-devel] [edk2-platforms][PATCH v4 01/12] Ext4Pkg: Fix memory
 leak in Ext4RetrieveDirent
Date: Thu,  2 Feb 2023 16:21:22 +0600
Message-Id: <20230202102133.51606-2-savvamtr@gmail.com>
In-Reply-To: <20230202102133.51606-1-savvamtr@gmail.com>
References: <20230202102133.51606-1-savvamtr@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,savvamtr@gmail.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1675333300;
 bh=5v6NdoMZ43gGchvK7u+59X/3os1owZpfO8FOH0tiqbg=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=CRX1Z09nnWWUWjuWw+a5pjvuhIUc3zwm1Z2xB2IQoaT9F8MOGZj5bLkL+DTwNK456R4
 v5xvgA/hzfIYErTdET6aJD/Wm4ywMMe1Lbj6F7b1XLMM1DS87JZUKDhTx5rwQn8SuyfLX
 rt6Qq8P9viVsdPVNvZqS7dgURuEuI79uCk0=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1675333301230100004
Content-Type: text/plain; charset="utf-8"

We need to free buffer on return if BlockRemainder !=3D 0. Also changed
return logic from function to use use common exit to prevent code
duplication.

Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Fixes: d9ceedca6c8f ("Ext4Pkg: Add Ext4Dxe driver.")
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
Reviewed-by: Pedro Falcato <pedro.falcato@gmail.com>
Reviewed-by: Marvin H=C3=A4user <mhaeuser@posteo.de>
---
 Features/Ext4Pkg/Ext4Dxe/Directory.c | 30 +++++++++++---------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/Features/Ext4Pkg/Ext4Dxe/Directory.c b/Features/Ext4Pkg/Ext4Dx=
e/Directory.c
index 73d21d9f9542..c7992cc72717 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Directory.c
+++ b/Features/Ext4Pkg/Ext4Dxe/Directory.c
@@ -113,8 +113,7 @@ Ext4RetrieveDirent (
   UINTN           ToCopy;

   UINTN           BlockOffset;

=20

-  Status =3D EFI_NOT_FOUND;

-  Buf    =3D AllocatePool (Partition->BlockSize);

+  Buf =3D AllocatePool (Partition->BlockSize);

=20

   if (Buf =3D=3D NULL) {

     return EFI_OUT_OF_RESOURCES;

@@ -128,7 +127,8 @@ Ext4RetrieveDirent (
   DivU64x32Remainder (DirInoSize, Partition->BlockSize, &BlockRemainder);

   if (BlockRemainder !=3D 0) {

     // Directory inodes need to have block aligned sizes

-    return EFI_VOLUME_CORRUPTED;

+    Status =3D EFI_VOLUME_CORRUPTED;

+    goto Out;

   }

=20

   while (Off < DirInoSize) {

@@ -137,8 +137,7 @@ Ext4RetrieveDirent (
     Status =3D Ext4Read (Partition, Directory, Buf, Off, &Length);

=20

     if (Status !=3D EFI_SUCCESS) {

-      FreePool (Buf);

-      return Status;

+      goto Out;

     }

=20

     for (BlockOffset =3D 0; BlockOffset < Partition->BlockSize; ) {

@@ -146,19 +145,19 @@ Ext4RetrieveDirent (
       RemainingBlock =3D Partition->BlockSize - BlockOffset;

       // Check if the minimum directory entry fits inside [BlockOffset, En=
dOfBlock]

       if (RemainingBlock < EXT4_MIN_DIR_ENTRY_LEN) {

-        FreePool (Buf);

-        return EFI_VOLUME_CORRUPTED;

+        Status =3D EFI_VOLUME_CORRUPTED;

+        goto Out;

       }

=20

       if (!Ext4ValidDirent (Entry)) {

-        FreePool (Buf);

-        return EFI_VOLUME_CORRUPTED;

+        Status =3D EFI_VOLUME_CORRUPTED;

+        goto Out;

       }

=20

       if ((Entry->name_len > RemainingBlock) || (Entry->rec_len > Remainin=
gBlock)) {

         // Corrupted filesystem

-        FreePool (Buf);

-        return EFI_VOLUME_CORRUPTED;

+        Status =3D EFI_VOLUME_CORRUPTED;

+        goto Out;

       }

=20

       // Unused entry

@@ -193,8 +192,8 @@ Ext4RetrieveDirent (
         ToCopy =3D MIN (Entry->rec_len, sizeof (EXT4_DIR_ENTRY));

=20

         CopyMem (Result, Entry, ToCopy);

-        FreePool (Buf);

-        return EFI_SUCCESS;

+        Status =3D EFI_SUCCESS;

+        goto Out;

       }

=20

       BlockOffset +=3D Entry->rec_len;

@@ -203,8 +202,11 @@ Ext4RetrieveDirent (
     Off +=3D Partition->BlockSize;

   }

=20

+  Status =3D EFI_NOT_FOUND;

+

+Out:

   FreePool (Buf);

-  return EFI_NOT_FOUND;

+  return Status;

 }

=20

 /**

--=20
2.39.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#99447): https://edk2.groups.io/g/devel/message/99447
Mute This Topic: https://groups.io/mt/96697366/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-