diff --git a/ChangeLog b/ChangeLog index 352c69c4f..c367bb134 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,24 @@ +2011-11-09 Vladimir Serbinenko + + Fix several memory leaks. + + * grub-core/fs/btrfs.c (grub_btrfs_dir): Fix memory leak. + * grub-core/fs/cpio.c (grub_cpio_find_file): Likewise. + (grub_cpio_dir): Likewise. + * grub-core/fs/fat.c (grub_fat_label): Likewise. + * grub-core/fs/jfs.c (grub_jfs_label): Likewise. + * grub-core/fs/romfs.c (grub_romfs_close): Likewise. + (grub_romfs_label): Likewise. + * grub-core/fs/squash4.c (squash_mount): Use zalloc for safety. + (squash_unmount): New function. + (grub_squash_dir): Fix memory leak. + (grub_squash_open): Likewise. + (grub_squash_read): Likewise. + (grub_squash_mtime): Likewise. + * grub-core/fs/xfs.c (grub_xfs_open): Likewise. + * grub-core/fs/zfs/zfs.c (check_pool_label): Likewise. + * util/grub-fstest.c (fstest): Likewise. + 2011-11-09 Vladimir Serbinenko * include/grub/misc.h (grub_strncat): Fix the order of conditionals to diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c index 3dc680034..e5aa3084c 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c @@ -1415,22 +1415,28 @@ grub_btrfs_dir (grub_device_t device, const char *path, err = find_path (data, path, &key_in, &tree, &type); if (err) - return err; + { + grub_btrfs_unmount (data); + return err; + } if (type != GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "not a directory"); + { + grub_btrfs_unmount (data); + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "not a directory"); + } err = lower_bound (data, &key_in, &key_out, tree, &elemaddr, &elemsize, &desc); if (err) - return err; + { + grub_btrfs_unmount (data); + return err; + } if (key_out.type != GRUB_BTRFS_ITEM_TYPE_DIR_ITEM || key_out.object_id != key_in.object_id) { r = next (data, &desc, &elemaddr, &elemsize, &key_out); if (r <= 0) - { - free_iterator (&desc); - return -r; - } + goto out; } do { @@ -1448,14 +1454,17 @@ grub_btrfs_dir (grub_device_t device, const char *path, direl = grub_malloc (allocated + 1); if (!direl) { - free_iterator (&desc); - return grub_errno; + r = -grub_errno; + break; } } err = grub_btrfs_read_logical (data, elemaddr, direl, elemsize); if (err) - return err; + { + r = -err; + break; + } for (cdirel = direl; (grub_uint8_t *) cdirel - (grub_uint8_t *) direl diff --git a/grub-core/fs/cpio.c b/grub-core/fs/cpio.c index b43e54ec9..39b35b335 100644 --- a/grub-core/fs/cpio.c +++ b/grub-core/fs/cpio.c @@ -147,6 +147,7 @@ grub_cpio_find_file (struct grub_cpio_data *data, char **name, && grub_memcmp(*name, "TRAILER!!!", 11) == 0) { *ofs = 0; + grub_free (*name); return GRUB_ERR_NONE; } @@ -481,6 +482,8 @@ grub_cpio_dir (grub_device_t device, const char *path_in, } } } + else + grub_free (name); data->hofs = ofs; } diff --git a/grub-core/fs/fat.c b/grub-core/fs/fat.c index fb1113814..0d32e229d 100644 --- a/grub-core/fs/fat.c +++ b/grub-core/fs/fat.c @@ -1048,7 +1048,10 @@ grub_fat_label (grub_device_t device, char **label) grub_size_t chc; *label = grub_malloc (11 * 4 + 1); if (!*label) - return grub_errno; + { + grub_free (data); + return grub_errno; + } chc = dir.type_specific.volume_label.character_count; if (chc > ARRAY_SIZE (dir.type_specific.volume_label.str)) chc = ARRAY_SIZE (dir.type_specific.volume_label.str); @@ -1057,6 +1060,7 @@ grub_fat_label (grub_device_t device, char **label) } } + grub_free (data); return grub_errno; } diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c index cf7520bb3..91497f143 100644 --- a/grub-core/fs/jfs.c +++ b/grub-core/fs/jfs.c @@ -891,6 +891,8 @@ grub_jfs_label (grub_device_t device, char **label) else *label = 0; + grub_free (data); + return grub_errno; } diff --git a/grub-core/fs/romfs.c b/grub-core/fs/romfs.c index 713e8293f..202ca102e 100644 --- a/grub-core/fs/romfs.c +++ b/grub-core/fs/romfs.c @@ -397,7 +397,10 @@ grub_romfs_read (grub_file_t file, char *buf, grub_size_t len) static grub_err_t grub_romfs_close (grub_file_t file) { - grub_free (file->data); + struct grub_fshelp_node *data = file->data; + + grub_free (data->data); + grub_free (data); return GRUB_ERR_NONE; } @@ -432,6 +435,7 @@ grub_romfs_label (grub_device_t device, char **label) return err; } (*label)[data->first_file - sizeof (struct grub_romfs_superblock)] = 0; + grub_free (data); return GRUB_ERR_NONE; } diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c index a3832b6be..0728287b7 100644 --- a/grub-core/fs/squash4.c +++ b/grub-core/fs/squash4.c @@ -287,7 +287,7 @@ squash_mount (grub_disk_t disk) if (err) return NULL; - data = grub_malloc (sizeof (*data)); + data = grub_zalloc (sizeof (*data)); if (!data) return NULL; data->sb = sb; @@ -418,6 +418,15 @@ make_root_node (struct grub_squash_data *data, struct grub_fshelp_node *root) grub_cpu_to_le16 (data->sb.root_ino_offset)); } +static void +squash_unmount (struct grub_squash_data *data) +{ + grub_free (data->ino.cumulated_block_sizes); + grub_free (data->ino.block_sizes); + grub_free (data); +} + + static grub_err_t grub_squash_dir (grub_device_t device, const char *path, int (*hook) (const char *filename, @@ -436,6 +445,7 @@ grub_squash_dir (grub_device_t device, const char *path, info.dir = ((filetype & GRUB_FSHELP_TYPE_MASK) == GRUB_FSHELP_DIR); info.mtimeset = 1; info.mtime = grub_le_to_cpu32 (node->ino.mtime); + grub_free (node); return hook (filename, &info); } @@ -457,7 +467,7 @@ grub_squash_dir (grub_device_t device, const char *path, if (!grub_errno) grub_squash_iterate_dir (fdiro, iterate); - grub_free (data); + squash_unmount (data); return grub_errno; } @@ -482,7 +492,7 @@ grub_squash_open (struct grub_file *file, const char *name) grub_squash_read_symlink, GRUB_FSHELP_REG); if (grub_errno) { - grub_free (data); + squash_unmount (data); return grub_errno; } @@ -499,6 +509,8 @@ grub_squash_open (struct grub_file *file, const char *name) else file->size = grub_le_to_cpu32 (fdiro->ino.file.size); + grub_free (fdiro); + return GRUB_ERR_NONE; } @@ -664,7 +676,7 @@ grub_squash_read (grub_file_t file, char *buf, grub_size_t len) static grub_err_t grub_squash_close (grub_file_t file) { - grub_free (file->data); + squash_unmount (file->data); return GRUB_ERR_NONE; } @@ -677,7 +689,7 @@ grub_squash_mtime (grub_device_t dev, grub_int32_t *tm) if (! data) return grub_errno; *tm = grub_le_to_cpu32 (data->sb.creation_time); - grub_free (data); + squash_unmount (data); return GRUB_ERR_NONE; } diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c index 3dc5e0af0..c4d47a099 100644 --- a/grub-core/fs/xfs.c +++ b/grub-core/fs/xfs.c @@ -771,10 +771,13 @@ grub_xfs_open (struct grub_file *file, const char *name) } if (fdiro != &data->diropen) - grub_memcpy (&data->diropen, fdiro, - sizeof (struct grub_fshelp_node) - - sizeof (struct grub_xfs_inode) - + (1 << data->sblock.log2_inode)); + { + grub_memcpy (&data->diropen, fdiro, + sizeof (struct grub_fshelp_node) + - sizeof (struct grub_xfs_inode) + + (1 << data->sblock.log2_inode)); + grub_free (fdiro); + } file->size = grub_be_to_cpu64 (data->diropen.inode.size); file->data = data; diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c index f85d56e99..7ceb16db2 100644 --- a/grub-core/fs/zfs/zfs.c +++ b/grub-core/fs/zfs/zfs.c @@ -781,9 +781,11 @@ check_pool_label (struct grub_zfs_data *data, err = fill_vdev_info (data, nv, diskdesc); if (err) { + grub_free (nv); grub_free (nvlist); return err; } + grub_free (nv); } grub_dprintf ("zfs", "check 10 passed\n"); diff --git a/util/grub-fstest.c b/util/grub-fstest.c index f90755e86..47b536771 100644 --- a/util/grub-fstest.c +++ b/util/grub-fstest.c @@ -401,7 +401,9 @@ fstest (int n, char **args) if (!uuid) grub_util_error ("couldn't retrieve UUID"); argv[1] = uuid; - execute_command ("xnu_uuid", 2, argv); + execute_command ("xnu_uuid", 2, argv); + grub_free (uuid); + grub_device_close (dev); } }