From: Baokun Li libaokun1@huawei.com
hulk inclusion category: bugfix bugzilla: 185988, https://gitee.com/openeuler/kernel/issues/I4YVV3
--------------------------------
In jffs2_scan_medium, if `s = kzalloc(sizeof(struct jffs2_summary), GFP_KERNEL);` returns error, go to "out" to do clear. Null pointer dereference occurs when `if (s->sum_list_head)` is executed in "out".
Fixes: bf7ba557361f ("[Huawei] jffs2: fix memory leak in jffs2_scan_medium") Signed-off-by: Baokun Li libaokun1@huawei.com Reviewed-by: Zhang Yi yi.zhang@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- fs/jffs2/scan.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c index 49b0637fb36e..29671e33a171 100644 --- a/fs/jffs2/scan.c +++ b/fs/jffs2/scan.c @@ -136,7 +136,7 @@ int jffs2_scan_medium(struct jffs2_sb_info *c) if (!s) { JFFS2_WARNING("Can't allocate memory for summary\n"); ret = -ENOMEM; - goto out; + goto out_buf; } }
@@ -275,15 +275,15 @@ int jffs2_scan_medium(struct jffs2_sb_info *c) } ret = 0; out: + jffs2_sum_reset_collected(s); + kfree(s); + out_buf: if (buf_size) kfree(flashbuf); #ifndef __ECOS else mtd_unpoint(c->mtd, 0, c->mtd->size); #endif - if (s->sum_list_head) - jffs2_sum_reset_collected(s); - kfree(s); return ret; }