
Hi Renaud,
On Friday 30 September 2011 18:42:52 Renaud Barbier wrote:
Looking at the function ubifs_finddir in the file fs/ubifs/ubifs.c, I was wondering if some memory had not been freed before the function returns.
287 static int ubifs_finddir(struct super_block *sb, char *dirname,
288                          unsigned long root_inum, unsigned long *inum)
289 {
...
299     file = kzalloc(sizeof(struct file), 0);
300     dentry = kzalloc(sizeof(struct dentry), 0);
301     dir = kzalloc(sizeof(struct inode), 0);
....
336     if ((strncmp(dirname, (char *)dent->name, nm.len) == 0) &&
337         (strlen(dirname) == nm.len)) {
338         *inum = le64_to_cpu(dent->inum);
339         return 1;
340     }
Line 339 returns without freeing file, dentry and dir.
Maybe wrong but could somebody check that.
Yes, you definitely seem to be correct here. Thanks for catching this.
Do you want to send a patch fixing this? That would be great. Otherwise I'll try to come up with a patch soon...
Thanks, Stefan
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-0 Fax: (+49)-8142-66989-80 Email: office@denx.de
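The early-return leak discussed in this thread, next to a single-exit variant that releases the three buffers on every path. This is an added example, not the project's code and not the patch mentioned above: `tracked_zalloc`, `tracked_free`, `sample_dir`, `name_matches` and both `finddir_*` functions are constructed stand-ins, and the sketch assumes the not-found path already frees its buffers.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for kzalloc/kfree that count live allocations. */
static int live_allocs;
static void *tracked_zalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void tracked_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Constructed directory entries, not real UBIFS data. */
struct entry { const char *name; unsigned long inum; };
static const struct entry sample_dir[] = { {"boot", 65}, {"etc", 66}, {"lib", 67} };
#define NENTRIES (sizeof(sample_dir) / sizeof(sample_dir[0]))

static int name_matches(const char *dirname, const struct entry *e)
{
    size_t len = strlen(e->name);
    return strncmp(dirname, e->name, len) == 0 && strlen(dirname) == len;
}

/* Shape of the quoted code: the match path returns directly. */
int finddir_leaky(const char *dirname, unsigned long *inum)
{
    void *file = tracked_zalloc(32), *dentry = tracked_zalloc(32), *dir = tracked_zalloc(32);
    for (size_t i = 0; i < NENTRIES; i++) {
        if (name_matches(dirname, &sample_dir[i])) {
            *inum = sample_dir[i].inum;
            return 1; /* file, dentry and dir are still allocated here */
        }
    }
    tracked_free(file); tracked_free(dentry); tracked_free(dir);
    return 0;
}

/* Single exit: every path, including allocation failure, reaches out. */
int finddir_fixed(const char *dirname, unsigned long *inum)
{
    int ret = 0;
    void *file = tracked_zalloc(32), *dentry = tracked_zalloc(32), *dir = tracked_zalloc(32);
    if (!file || !dentry || !dir) { ret = -1; goto out; }
    for (size_t i = 0; i < NENTRIES; i++) {
        if (name_matches(dirname, &sample_dir[i])) {
            *inum = sample_dir[i].inum;
            ret = 1; goto out;
        }
    }
out:
    tracked_free(file); tracked_free(dentry); tracked_free(dir);
    return ret;
}
```

Each successful lookup through `finddir_leaky` leaves three allocations live, so the loss grows with every path component resolved; the `live_allocs` counter makes that visible without a heap checker.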