From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) by mx.groups.io with SMTP id smtpd.web11.102780.1674828764560919469 for ; Fri, 27 Jan 2023 06:12:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=Aopg5oNI; spf=pass (domain: gmail.com, ip: 209.85.216.47, mailfrom: pedro.falcato@gmail.com) Received: by mail-pj1-f47.google.com with SMTP id e10-20020a17090a630a00b0022bedd66e6dso8775296pjj.1 for ; Fri, 27 Jan 2023 06:12:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=9K9mrCOt2SbQ6I8b9cLOXOCWaUBIkrcr2T30Gz3UevU=; b=Aopg5oNIim6mFkyTveKgPd0+N8w5syjnPez9aORDZP/wS9dar2qKNy0iYrnqwZWzd1 ciR3MFLvcmVEtnXHZqRjO6Lf5MJmM3Z+HXw5CFPm5qSAWRNxkxQ/BBFlpeYWS4trxJMl 7dfG6N9TS2vp5p2RDC3camc4y8sJeO15i0kPvW+SvnPlE7j9xYk+iqOtvv1TPUvT986z hXd37UGHifscmbnB0KteR/xwYap9PpSKfXVPm5oBlugWDwyAyWwtHsrq+t27Dyd0byBZ f66dqiQhlzt0ghtT8GecyfRXEWqB1Mf5acdjRb0UkoqCrhtmTmfdZBPgj24Fx1KMu1Jm 2tAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9K9mrCOt2SbQ6I8b9cLOXOCWaUBIkrcr2T30Gz3UevU=; b=jZR49vA4x8hTHM58iBB1hAPTrVlMPbEhJEZBqPPSZytwYv9lwViBKi2q3m84Xf8Mpb 3Y684UhoGhmUxl4zD3dyVNtAgFPB+HP1YClOY13hkAboY9AllRTaTb5GGlq1h+NSr3Db FPywRDsJSl5Nt9HzW+amTZ+kBesdlA6eTfsDJCi4QLQ8hT5TvFV3/a8lBTN9QmHeGo+Y ddbSmHozQiEzktoLOYMXBMav9eIXmFep6JaL6boXjm7J6U8sBgWnqViFZqdfKdc98PYy 6dHsBQEWhMjE8Sp6cC2JK3MtzDbbwxRA/mj8xlsu16mOV/aL0URj+kEsQs96SSvH3pPk MHWw== X-Gm-Message-State: AFqh2kqfa87NgAe3ZkCnnQqelDCFGyCvle+LPBVMWcKj4vPb6mmJUKHa AVK99VOA9Fld4QCk8sY+4zG2MXQ+eebr9sxIvdk= X-Google-Smtp-Source: AMrXdXuXwtQtDKme6xOv/xsdIgZI8gn+SM+MqhR7mqZVa26QMT8On61r2M063/jV/O0Vz53/r0F20GQ3jSfZazF47lE= X-Received: by 2002:a17:902:d889:b0:194:7ca9:70a8 with SMTP id b9-20020a170902d88900b001947ca970a8mr4088784plz.12.1674828763960; Fri, 27 Jan 2023 06:12:43 -0800 (PST) MIME-Version: 1.0 References: <20230127092945.94389-1-savvamtr@gmail.com> <20230127092945.94389-2-savvamtr@gmail.com> In-Reply-To: <20230127092945.94389-2-savvamtr@gmail.com> From: "Pedro Falcato" Date: Fri, 27 Jan 2023 14:12:32 +0000 Message-ID: Subject: Re: [edk2-platforms][PATCH v3 01/11] Ext4Pkg: Fix memory leak in Ext4RetrieveDirent To: Savva Mitrofanov Cc: devel@edk2.groups.io, =?UTF-8?Q?Marvin_H=C3=A4user?= , Vitaly Cheptsov Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Jan 27, 2023 at 9:29 AM Savva Mitrofanov wrote= : > > We need to free buffer on return if BlockRemainder !=3D 0. Also changed > return logic from function to use use common exit to prevent code > duplication. > > Cc: Marvin H=C3=A4user > Cc: Pedro Falcato > Cc: Vitaly Cheptsov > Fixes: d9ceedca6c8f ("Ext4Pkg: Add Ext4Dxe driver.") > Signed-off-by: Savva Mitrofanov > --- > Features/Ext4Pkg/Ext4Dxe/Directory.c | 30 +++++++++++--------- > 1 file changed, 16 insertions(+), 14 deletions(-) > > diff --git a/Features/Ext4Pkg/Ext4Dxe/Directory.c b/Features/Ext4Pkg/Ext4= Dxe/Directory.c > index 456916453952..f80b1aacd459 100644 > --- a/Features/Ext4Pkg/Ext4Dxe/Directory.c > +++ b/Features/Ext4Pkg/Ext4Dxe/Directory.c > @@ -113,8 +113,7 @@ Ext4RetrieveDirent ( > UINTN ToCopy; > UINTN BlockOffset; > > - Status =3D EFI_NOT_FOUND; > - Buf =3D AllocatePool (Partition->BlockSize); > + Buf =3D AllocatePool (Partition->BlockSize); > > if (Buf =3D=3D NULL) { > return EFI_OUT_OF_RESOURCES; > @@ -128,7 +127,8 @@ Ext4RetrieveDirent ( > DivU64x32Remainder (DirInoSize, Partition->BlockSize, &BlockRemainder)= ; > if (BlockRemainder !=3D 0) { > // Directory inodes need to have block aligned sizes > - return EFI_VOLUME_CORRUPTED; > + Status =3D EFI_VOLUME_CORRUPTED; > + goto Out; > } > > while (Off < DirInoSize) { > @@ -137,8 +137,7 @@ Ext4RetrieveDirent ( > Status =3D Ext4Read (Partition, Directory, Buf, Off, &Length); > > if (Status !=3D EFI_SUCCESS) { > - FreePool (Buf); > - return Status; > + goto Out; > } > > for (BlockOffset =3D 0; BlockOffset < Partition->BlockSize; ) { > @@ -146,19 +145,19 @@ Ext4RetrieveDirent ( > RemainingBlock =3D Partition->BlockSize - BlockOffset; > // Check if the minimum directory entry fits inside [BlockOffset, = EndOfBlock] > if (RemainingBlock < EXT4_MIN_DIR_ENTRY_LEN) { > - FreePool (Buf); > - return EFI_VOLUME_CORRUPTED; > + Status =3D EFI_VOLUME_CORRUPTED; > + goto Out; > } > > if (!Ext4ValidDirent (Entry)) { > - FreePool (Buf); > - return EFI_VOLUME_CORRUPTED; > + Status =3D EFI_VOLUME_CORRUPTED; > + goto Out; > } > > if ((Entry->name_len > RemainingBlock) || (Entry->rec_len > Remain= ingBlock)) { > // Corrupted filesystem > - FreePool (Buf); > - return EFI_VOLUME_CORRUPTED; > + Status =3D EFI_VOLUME_CORRUPTED; > + goto Out; > } > > // Unused entry > @@ -193,8 +192,8 @@ Ext4RetrieveDirent ( > ToCopy =3D MIN (Entry->rec_len, sizeof (EXT4_DIR_ENTRY)); > > CopyMem (Result, Entry, ToCopy); > - FreePool (Buf); > - return EFI_SUCCESS; > + Status =3D EFI_SUCCESS; > + goto Out; > } > > BlockOffset +=3D Entry->rec_len; > @@ -203,8 +202,11 @@ Ext4RetrieveDirent ( > Off +=3D Partition->BlockSize; > } > > + Status =3D EFI_NOT_FOUND; > + > +Out: > FreePool (Buf); > - return EFI_NOT_FOUND; > + return Status; > } > > /** > -- > 2.39.0 > Reviewed-by: Pedro Falcato --=20 Pedro