dirs->entry shouldn't be left dangling as it could be freed twice.
Signed-off-by: Richard Genoud richard.genoud@posteo.net --- fs/squashfs/sqfs.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c index 7da2e09cc36..3b008b5235c 100644 --- a/fs/squashfs/sqfs.c +++ b/fs/squashfs/sqfs.c @@ -1569,6 +1569,7 @@ int sqfs_size(const char *filename, loff_t *size) if (!ret) break; free(dirs->entry); + dirs->entry = NULL; }
if (ret) { @@ -1582,6 +1583,7 @@ int sqfs_size(const char *filename, loff_t *size) ipos = sqfs_find_inode(dirs->inode_table, i_number, sblk->inodes, sblk->block_size); free(dirs->entry); + dirs->entry = NULL;
base = (struct squashfs_base_inode *)ipos; switch (get_unaligned_le16(&base->inode_type)) {