[U-Boot] [PATCH] ext4_common.c: Clean up failure cases in alloc_triple_indirect_block

As noted by Coverity, when we have an error in alloc_triple_indirect_block we will leak ti_pbuff_start_addr as it's not being freed. Further inspection here shows that we could also leak ti_cbuff_start_addr in one corner case so free that as well.
Reported-by: Coverity (CID 131205, 131206)
Signed-off-by: Tom Rini trini@konsulko.com
---
 fs/ext4/ext4_common.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c
index 14096e0..420d4e1 100644
--- a/fs/ext4/ext4_common.c
+++ b/fs/ext4/ext4_common.c
@@ -1287,11 +1287,11 @@ static void alloc_triple_indirect_block(struct ext2_inode *file_inode,
 ti_gp_blockno = ext4fs_get_new_blk_no();
 if (ti_gp_blockno == -1) {
 printf("no block left to assign\n");
- goto fail;
+ return;
 }
 ti_gp_buff = zalloc(fs->blksz);
 if (!ti_gp_buff)
- goto fail;
+ return;
 ti_gp_buff_start_addr = ti_gp_buff;
 (*no_blks_reqd)++;
@@ -1321,11 +1321,11 @@ static void alloc_triple_indirect_block(struct ext2_inode *file_inode,
 ti_child_blockno = ext4fs_get_new_blk_no();
 if (ti_child_blockno == -1) {
 printf("no block left assign\n");
- goto fail;
+ goto fail1;
 }
 ti_child_buff = zalloc(fs->blksz);
 if (!ti_child_buff)
- goto fail;
+ goto fail1;
 ti_cbuff_start_addr = ti_child_buff;
 *ti_parent_buff = ti_child_blockno;
@@ -1341,7 +1341,8 @@ static void alloc_triple_indirect_block(struct ext2_inode *file_inode,
 ext4fs_get_new_blk_no();
 if (actual_block_no == -1) {
 printf("no block left\n");
- goto fail;
+ free(ti_cbuff_start_addr);
+ goto fail1;
 }
 *ti_child_buff = actual_block_no;
 debug("TIAB %ld: %u\n", actual_block_no,
@@ -1373,7 +1374,11 @@ static void alloc_triple_indirect_block(struct ext2_inode *file_inode,
 put_ext4(((uint64_t) ((uint64_t)ti_gp_blockno * (uint64_t)fs->blksz)), ti_gp_buff_start_addr, fs->blksz);
 file_inode->b.blocks.triple_indir_block = ti_gp_blockno;
+ free(ti_gp_buff_start_addr);
+ return;
 }
+fail1:
+ free(ti_pbuff_start_addr);
 fail:
 free(ti_gp_buff_start_addr);
 }
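Review bot: In the hunk at -1341 the child buffer is released inline with `free(ti_cbuff_start_addr);` before `goto fail1`, while the parent and grandparent buffers are released through labels, so ownership cleanup is now split between two mechanisms. Any error path added later has to pair the right inline free with the right label, and a mismatch is a leak or a double free. A third stacked label keeps it uniform: use `goto fail2;` here and put `fail2:` with `free(ti_cbuff_start_addr);` directly above `fail1:`. Because the labels can also be entered by fall-through, that variant needs `ti_cbuff_start_addr` to start out as NULL; its declaration and the loop around this code are outside the hunk.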
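Review bot: The new `fail1:` label in the last hunk is reached not only by `goto` but also by plain fall-through whenever the block closed by the `}` just above it is skipped, so `free(ti_pbuff_start_addr)` now runs on a path where no parent buffer was ever allocated. That is safe only if `ti_pbuff_start_addr` is initialised to NULL at its declaration, which is outside this hunk and should be confirmed. A comment above the labels would record the dependency, e.g. `/* also entered by fall-through: every start_addr pointer must begin as NULL */`. Separately, the function returns void, so the failure paths tell the caller nothing, and block numbers already handed out by ext4fs_get_new_blk_no() may stay reserved; it is worth checking whether a caller rolls them back.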

On Thu, Dec 10, 2015 at 04:42:21PM -0500, Tom Rini wrote:
As noted by Coverity, when we have an error in alloc_triple_indirect_block we will leak ti_pbuff_start_addr as it's not being freed. Further inspection here shows that we could also leak ti_cbuff_start_addr in one corner case so free that as well.
Reported-by: Coverity (CID 131205, 131206) Signed-off-by: Tom Rini trini@konsulko.com
Applied to u-boot/master, thanks!