1*4882a593SmuzhiyunFrom 9213575b7a95b514bce80be5964a28d407d7d56d Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Darren Kenny <darren.kenny@oracle.com> 3*4882a593SmuzhiyunDate: Fri, 4 Dec 2020 18:56:48 +0000 4*4882a593SmuzhiyunSubject: [PATCH] normal/completion: Fix leaking of memory when processing a 5*4882a593Smuzhiyun completion 6*4882a593Smuzhiyun 7*4882a593SmuzhiyunIt is possible for the code to reach the end of the function without 8*4882a593Smuzhiyunfreeing the memory allocated to argv and argc still to be 0. 9*4882a593Smuzhiyun 10*4882a593SmuzhiyunWe should always call grub_free(argv). The grub_free() will handle 11*4882a593Smuzhiyuna NULL argument correctly if it reaches that code without the memory 12*4882a593Smuzhiyunbeing allocated. 13*4882a593Smuzhiyun 14*4882a593SmuzhiyunFixes: CID 96672 15*4882a593Smuzhiyun 16*4882a593SmuzhiyunSigned-off-by: Darren Kenny <darren.kenny@oracle.com> 17*4882a593SmuzhiyunReviewed-by: Daniel Kiper <daniel.kiper@oracle.com> 18*4882a593SmuzhiyunSigned-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> 19*4882a593Smuzhiyun--- 20*4882a593Smuzhiyun grub-core/normal/completion.c | 10 ++++------ 21*4882a593Smuzhiyun 1 file changed, 4 insertions(+), 6 deletions(-) 22*4882a593Smuzhiyun 23*4882a593Smuzhiyundiff --git a/grub-core/normal/completion.c b/grub-core/normal/completion.c 24*4882a593Smuzhiyunindex 5961028..46e473c 100644 25*4882a593Smuzhiyun--- a/grub-core/normal/completion.c 26*4882a593Smuzhiyun+++ b/grub-core/normal/completion.c 27*4882a593Smuzhiyun@@ -400,8 +400,8 @@ char * 28*4882a593Smuzhiyun grub_normal_do_completion (char *buf, int *restore, 29*4882a593Smuzhiyun void (*hook) (const char *, grub_completion_type_t, int)) 30*4882a593Smuzhiyun { 31*4882a593Smuzhiyun- int argc; 32*4882a593Smuzhiyun- char **argv; 33*4882a593Smuzhiyun+ int argc = 0; 34*4882a593Smuzhiyun+ char **argv = NULL; 35*4882a593Smuzhiyun 36*4882a593Smuzhiyun /* Initialize variables. */ 37*4882a593Smuzhiyun match = 0; 38*4882a593Smuzhiyun@@ -516,10 +516,8 @@ grub_normal_do_completion (char *buf, int *restore, 39*4882a593Smuzhiyun 40*4882a593Smuzhiyun fail: 41*4882a593Smuzhiyun if (argc != 0) 42*4882a593Smuzhiyun- { 43*4882a593Smuzhiyun- grub_free (argv[0]); 44*4882a593Smuzhiyun- grub_free (argv); 45*4882a593Smuzhiyun- } 46*4882a593Smuzhiyun+ grub_free (argv[0]); 47*4882a593Smuzhiyun+ grub_free (argv); 48*4882a593Smuzhiyun grub_free (match); 49*4882a593Smuzhiyun grub_errno = GRUB_ERR_NONE; 50*4882a593Smuzhiyun 51*4882a593Smuzhiyun-- 52*4882a593Smuzhiyun2.14.2 53*4882a593Smuzhiyun 54