[PATCH] lib: fwts_pipeio: fix memory leak on zero sized text allocation

Colin King colin.king at canonical.com
Wed Feb 1 07:39:16 UTC 2017 

From: Colin Ian King <colin.king at canonical.com>

This fixes a corner case where a zero sized allocation could
leak memory. Detected by CoverityScan.

Signed-off-by: Colin Ian King <colin.king at canonical.com>
---
 src/lib/src/fwts_pipeio.c | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/src/lib/src/fwts_pipeio.c b/src/lib/src/fwts_pipeio.c
index eeafa7d..a2c941f 100644
--- a/src/lib/src/fwts_pipeio.c
+++ b/src/lib/src/fwts_pipeio.c
@@ -191,17 +191,13 @@ int fwts_pipe_readwrite(
 			if (n == 0)
 				break;
 			if (n < 0) {
-				if (errno != EINTR && errno != EAGAIN) {
-					free(ptr);
-					return -1;
-				}
+				if (errno != EINTR && errno != EAGAIN)
+					goto fail;
 				continue;
 			}
 
-			if ((tmp = realloc(ptr, out_size + n + 1)) == NULL) {
-				free(ptr);
-				return -1;
-			}
+			if ((tmp = realloc(ptr, out_size + n + 1)) == NULL)
+				goto fail;
 			ptr = tmp;
 			memcpy(ptr + out_size, buffer, n);
 			out_size += n;
@@ -212,10 +208,8 @@ int fwts_pipe_readwrite(
 			n = write(in_fd, in_buf, in_size);
 
 			if (n < 0) {
-				if (errno != EINTR && errno != EAGAIN) {
-					free(ptr);
-					return -1;
-				}
+				if (errno != EINTR && errno != EAGAIN)
+					goto fail;
 				continue;
 			}
 
@@ -225,9 +219,16 @@ int fwts_pipe_readwrite(
 
 	}
 
-	*out_len = out_size;
-	*out_buf = ptr;
-	return 0;
+	if (out_size) {
+		*out_len = out_size;
+		*out_buf = ptr;
+		return 0;
+	}
+fail:
+	free(ptr);
+	*out_len = 0;
+	*out_buf = NULL;
+	return -1;
 }
 
 /*
@@ -279,7 +280,7 @@ int fwts_pipe_exec(const char *command, fwts_list **list, int *status)
 	pid_t 	pid;
 	int	rc, fd;
 	ssize_t	len;
-	char 	*text;
+	char 	*text = NULL;
 
 	if (fwts_pipe_open_ro(command, &pid, &fd) < 0)
 		return FWTS_ERROR;
@@ -287,10 +288,10 @@ int fwts_pipe_exec(const char *command, fwts_list **list, int *status)
 	rc = fwts_pipe_read(fd, &text, &len);
 	if (!rc && len > 0) {
 		*list = fwts_list_from_text(text);
-		free(text);
 	} else {
 		*list = NULL;
 	}
+	free(text);
 
 	*status = fwts_pipe_close(fd, pid);
 	if (rc || *status) {
-- 
2.10.2

More information about the fwts-devel mailing list