fs/squashfs/decompressor_multi.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-)
From: Markus Elfring <elfring@users.sourceforge.net>
Date: Fri, 29 Dec 2023 21:30:26 +0100
The kfree() function was called in two cases by
the squashfs_decompressor_create() function during error handling
even if the passed variable contained a null pointer.
This issue was detected by using the Coccinelle software.
* Thus return directly after a call of the function “kzalloc” failed
at the beginning.
* Use another label.
* Move an error code assignment into an if branch.
* Delete an initialisation (for the variable “decomp_strm”)
which became unnecessary with this refactoring.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
---
fs/squashfs/decompressor_multi.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/fs/squashfs/decompressor_multi.c b/fs/squashfs/decompressor_multi.c
index 416c53eedbd1..81fd15d5163c 100644
--- a/fs/squashfs/decompressor_multi.c
+++ b/fs/squashfs/decompressor_multi.c
@@ -62,12 +62,12 @@ static void *squashfs_decompressor_create(struct squashfs_sb_info *msblk,
void *comp_opts)
{
struct squashfs_stream *stream;
- struct decomp_stream *decomp_strm = NULL;
- int err = -ENOMEM;
+ struct decomp_stream *decomp_strm;
+ int err;
stream = kzalloc(sizeof(*stream), GFP_KERNEL);
if (!stream)
- goto out;
+ return ERR_PTR(-ENOMEM);
stream->comp_opts = comp_opts;
mutex_init(&stream->mutex);
@@ -81,8 +81,10 @@ static void *squashfs_decompressor_create(struct squashfs_sb_info *msblk,
* file system works.
*/
decomp_strm = kmalloc(sizeof(*decomp_strm), GFP_KERNEL);
- if (!decomp_strm)
- goto out;
+ if (!decomp_strm) {
+ err = -ENOMEM;
+ goto free_stream;
+ }
decomp_strm->stream = msblk->decompressor->init(msblk,
stream->comp_opts);
@@ -97,6 +99,7 @@ static void *squashfs_decompressor_create(struct squashfs_sb_info *msblk,
out:
kfree(decomp_strm);
+free_stream:
kfree(stream);
return ERR_PTR(err);
}
--
2.43.0> On 30/12/2023 09:55 GMT Markus Elfring <markus.elfring@web.de> wrote: > > > From: Markus Elfring <elfring@users.sourceforge.net> > Date: Fri, 29 Dec 2023 21:30:26 +0100 > > The kfree() function was called in two cases by > the squashfs_decompressor_create() function during error handling > even if the passed variable contained a null pointer. > This issue was detected by using the Coccinelle software. > > * Thus return directly after a call of the function “kzalloc” failed > at the beginning. > > * Use another label. > > * Move an error code assignment into an if branch. > > * Delete an initialisation (for the variable “decomp_strm”) > which became unnecessary with this refactoring. > > Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> As mentioned in this thread (and many others) https://lore.kernel.org/all/20240104204032.GN31813@kernel.org/ calling Kfree with a NULL pointer is perfectly valid. So like most others I'm going to ignore this patch. Cheers Phillip
© 2016 - 2025 Red Hat, Inc.