From 04d0da51578e12bd7c490aa70ed581ee5f9dcfea Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Thu, 21 Sep 2017 12:56:07 +0200 Subject: sandbox: avoid memory leak in os_dirent_ls Realloc does not free the old memory area if it fails. Identified by cppcheck. Signed-off-by: Heinrich Schuchardt Reviewed-by: Simon Glass --- arch/sandbox/cpu/os.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'arch/sandbox/cpu') diff --git a/arch/sandbox/cpu/os.c b/arch/sandbox/cpu/os.c index 22d6aab5348..c524957b6c5 100644 --- a/arch/sandbox/cpu/os.c +++ b/arch/sandbox/cpu/os.c @@ -319,6 +319,7 @@ int os_dirent_ls(const char *dirname, struct os_dirent_node **headp) DIR *dir; int ret; char *fname; + char *old_fname; int len; int dirlen; @@ -344,16 +345,23 @@ int os_dirent_ls(const char *dirname, struct os_dirent_node **headp) break; } next = malloc(sizeof(*node) + strlen(entry->d_name) + 1); - if (dirlen + strlen(entry->d_name) > len) { - len = dirlen + strlen(entry->d_name); - fname = realloc(fname, len); - } - if (!next || !fname) { - free(next); + if (!next) { os_dirent_free(head); ret = -ENOMEM; goto done; } + if (dirlen + strlen(entry->d_name) > len) { + len = dirlen + strlen(entry->d_name); + old_fname = fname; + fname = realloc(fname, len); + if (!fname) { + free(old_fname); + free(next); + os_dirent_free(head); + ret = -ENOMEM; + goto done; + } + } next->next = NULL; strcpy(next->name, entry->d_name); switch (entry->d_type) { -- cgit v1.2.3