Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
grub2.16002
0006-iso9660-Don-t-leak-memory-on-realloc-failu...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch of Package grub2.16002
From 30508bd4692d2e022eff2e7f9c4be9f8abf57977 Mon Sep 17 00:00:00 2001 From: Peter Jones <pjones@redhat.com> Date: Sat, 4 Jul 2020 12:25:09 -0400 Subject: [PATCH 6/7] iso9660: Don't leak memory on realloc() failures Signed-off-by: Peter Jones <pjones@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> --- grub-core/fs/iso9660.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c index 7ba5b300b..5ec4433b8 100644 --- a/grub-core/fs/iso9660.c +++ b/grub-core/fs/iso9660.c @@ -533,14 +533,20 @@ add_part (struct iterate_dir_ctx *ctx, { int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; grub_size_t sz; + char *new; if (grub_add (size, len2, &sz) || grub_add (sz, 1, &sz)) return; - ctx->symlink = grub_realloc (ctx->symlink, sz); - if (! ctx->symlink) - return; + new = grub_realloc (ctx->symlink, sz); + if (!new) + { + grub_free (ctx->symlink); + ctx->symlink = NULL; + return; + } + ctx->symlink = new; grub_memcpy (ctx->symlink + size, part, len2); ctx->symlink[size + len2] = 0; @@ -634,7 +640,12 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, is the length. Both are part of the `Component Record'. */ if (ctx->symlink && !ctx->was_continue) - add_part (ctx, "/", 1); + { + add_part (ctx, "/", 1); + if (grub_errno) + return grub_errno; + } + add_part (ctx, (char *) &entry->data[pos + 2], entry->data[pos + 1]); ctx->was_continue = (entry->data[pos] & 1); @@ -653,6 +664,11 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, add_part (ctx, "/", 1); break; } + + /* Check if grub_realloc() failed in add_part(). */ + if (grub_errno) + return grub_errno; + /* In pos + 1 the length of the `Component Record' is stored. */ pos += entry->data[pos + 1] + 2; -- 2.27.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor