Blame SOURCES/0423-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch

468bd4
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
468bd4
From: Marco A Benatto <mbenatto@redhat.com>
468bd4
Date: Mon, 30 Nov 2020 12:18:24 -0300
468bd4
Subject: [PATCH] loader/xnu: Free driverkey data when an error is detected in
468bd4
 grub_xnu_writetree_toheap()
468bd4
468bd4
... to avoid memory leaks.
468bd4
468bd4
Fixes: CID 96640
468bd4
468bd4
Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
468bd4
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
468bd4
---
468bd4
 grub-core/loader/xnu.c | 24 ++++++++++++++++++++----
468bd4
 1 file changed, 20 insertions(+), 4 deletions(-)
468bd4
468bd4
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
030dc3
index 16bfa7cec72..af885a648c6 100644
468bd4
--- a/grub-core/loader/xnu.c
468bd4
+++ b/grub-core/loader/xnu.c
468bd4
@@ -228,26 +228,33 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size)
468bd4
   if (! memorymap)
468bd4
     return grub_errno;
468bd4
 
468bd4
-  driverkey = (struct grub_xnu_devtree_key *) grub_malloc (sizeof (*driverkey));
468bd4
+  driverkey = (struct grub_xnu_devtree_key *) grub_zalloc (sizeof (*driverkey));
468bd4
   if (! driverkey)
468bd4
     return grub_errno;
468bd4
   driverkey->name = grub_strdup ("DeviceTree");
468bd4
   if (! driverkey->name)
468bd4
-    return grub_errno;
468bd4
+    {
468bd4
+      err = grub_errno;
468bd4
+      goto fail;
468bd4
+    }
468bd4
+
468bd4
   driverkey->datasize = sizeof (*extdesc);
468bd4
   driverkey->next = memorymap->first_child;
468bd4
   memorymap->first_child = driverkey;
468bd4
   driverkey->data = extdesc
468bd4
     = (struct grub_xnu_extdesc *) grub_malloc (sizeof (*extdesc));
468bd4
   if (! driverkey->data)
468bd4
-    return grub_errno;
468bd4
+    {
468bd4
+      err = grub_errno;
468bd4
+      goto fail;
468bd4
+    }
468bd4
 
468bd4
   /* Allocate the space based on the size with dummy value. */
468bd4
   *size = grub_xnu_writetree_get_size (grub_xnu_devtree_root, "/");
468bd4
   err = grub_xnu_heap_malloc (ALIGN_UP (*size + 1, GRUB_XNU_PAGESIZE),
468bd4
 			      &src, target);
468bd4
   if (err)
468bd4
-    return err;
468bd4
+    goto fail;
468bd4
 
468bd4
   /* Put real data in the dummy. */
468bd4
   extdesc->addr = *target;
468bd4
@@ -256,6 +263,15 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size)
468bd4
   /* Write the tree to heap. */
468bd4
   grub_xnu_writetree_toheap_real (src, grub_xnu_devtree_root, "/");
468bd4
   return GRUB_ERR_NONE;
468bd4
+
468bd4
+ fail:
468bd4
+  memorymap->first_child = NULL;
468bd4
+
468bd4
+  grub_free (driverkey->data);
468bd4
+  grub_free (driverkey->name);
468bd4
+  grub_free (driverkey);
468bd4
+
468bd4
+  return err;
468bd4
 }
468bd4
 
468bd4
 /* Find a key or value in parent key. */