nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone
Blob Blame History Raw
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Darren Kenny <darren.kenny@oracle.com>
Date: Tue, 8 Dec 2020 10:00:51 +0000
Subject: [PATCH] disk/ldm: Fix memory leak on uninserted lv references

The problem here is that the memory allocated to the variable lv is not
yet inserted into the list that is being processed at the label fail2.

As we can already see at line 342, which correctly frees lv before going
to fail2, we should also be doing that at these earlier jumps to fail2.

Fixes: CID 73824

Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/disk/ldm.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
index 9c73d2217e9..2a953667986 100644
--- a/grub-core/disk/ldm.c
+++ b/grub-core/disk/ldm.c
@@ -321,7 +321,10 @@ make_vg (grub_disk_t disk,
 	  lv->visible = 1;
 	  lv->segments = grub_zalloc (sizeof (*lv->segments));
 	  if (!lv->segments)
-	    goto fail2;
+	    {
+	      grub_free (lv);
+	      goto fail2;
+	    }
 	  lv->segments->start_extent = 0;
 	  lv->segments->type = GRUB_DISKFILTER_MIRROR;
 	  lv->segments->node_count = 0;
@@ -329,7 +332,10 @@ make_vg (grub_disk_t disk,
 	  lv->segments->nodes = grub_calloc (lv->segments->node_alloc,
 					     sizeof (*lv->segments->nodes));
 	  if (!lv->segments->nodes)
-	    goto fail2;
+	    {
+	      grub_free (lv);
+	      goto fail2;
+	    }
 	  ptr = vblk[i].dynamic;
 	  if (ptr + *ptr + 1 >= vblk[i].dynamic
 	      + sizeof (vblk[i].dynamic))