1*4882a593SmuzhiyunFrom 4b4027b6b1c877d7ab467896b04c7bd1aadcfa15 Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Marco A Benatto <mbenatto@redhat.com> 3*4882a593SmuzhiyunDate: Mon, 30 Nov 2020 12:18:24 -0300 4*4882a593SmuzhiyunSubject: [PATCH] loader/xnu: Free driverkey data when an error is detected in 5*4882a593Smuzhiyun grub_xnu_writetree_toheap() 6*4882a593Smuzhiyun 7*4882a593Smuzhiyun... to avoid memory leaks. 8*4882a593Smuzhiyun 9*4882a593SmuzhiyunFixes: CID 96640 10*4882a593Smuzhiyun 11*4882a593SmuzhiyunSigned-off-by: Marco A Benatto <mbenatto@redhat.com> 12*4882a593SmuzhiyunReviewed-by: Daniel Kiper <daniel.kiper@oracle.com> 13*4882a593SmuzhiyunSigned-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> 14*4882a593Smuzhiyun--- 15*4882a593Smuzhiyun grub-core/loader/xnu.c | 24 ++++++++++++++++++++---- 16*4882a593Smuzhiyun 1 file changed, 20 insertions(+), 4 deletions(-) 17*4882a593Smuzhiyun 18*4882a593Smuzhiyundiff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c 19*4882a593Smuzhiyunindex eb14462..1a590db 100644 20*4882a593Smuzhiyun--- a/grub-core/loader/xnu.c 21*4882a593Smuzhiyun+++ b/grub-core/loader/xnu.c 22*4882a593Smuzhiyun@@ -227,26 +227,33 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size) 23*4882a593Smuzhiyun if (! memorymap) 24*4882a593Smuzhiyun return grub_errno; 25*4882a593Smuzhiyun 26*4882a593Smuzhiyun- driverkey = (struct grub_xnu_devtree_key *) grub_malloc (sizeof (*driverkey)); 27*4882a593Smuzhiyun+ driverkey = (struct grub_xnu_devtree_key *) grub_zalloc (sizeof (*driverkey)); 28*4882a593Smuzhiyun if (! driverkey) 29*4882a593Smuzhiyun return grub_errno; 30*4882a593Smuzhiyun driverkey->name = grub_strdup ("DeviceTree"); 31*4882a593Smuzhiyun if (! driverkey->name) 32*4882a593Smuzhiyun- return grub_errno; 33*4882a593Smuzhiyun+ { 34*4882a593Smuzhiyun+ err = grub_errno; 35*4882a593Smuzhiyun+ goto fail; 36*4882a593Smuzhiyun+ } 37*4882a593Smuzhiyun+ 38*4882a593Smuzhiyun driverkey->datasize = sizeof (*extdesc); 39*4882a593Smuzhiyun driverkey->next = memorymap->first_child; 40*4882a593Smuzhiyun memorymap->first_child = driverkey; 41*4882a593Smuzhiyun driverkey->data = extdesc 42*4882a593Smuzhiyun = (struct grub_xnu_extdesc *) grub_malloc (sizeof (*extdesc)); 43*4882a593Smuzhiyun if (! driverkey->data) 44*4882a593Smuzhiyun- return grub_errno; 45*4882a593Smuzhiyun+ { 46*4882a593Smuzhiyun+ err = grub_errno; 47*4882a593Smuzhiyun+ goto fail; 48*4882a593Smuzhiyun+ } 49*4882a593Smuzhiyun 50*4882a593Smuzhiyun /* Allocate the space based on the size with dummy value. */ 51*4882a593Smuzhiyun *size = grub_xnu_writetree_get_size (grub_xnu_devtree_root, "/"); 52*4882a593Smuzhiyun err = grub_xnu_heap_malloc (ALIGN_UP (*size + 1, GRUB_XNU_PAGESIZE), 53*4882a593Smuzhiyun &src, target); 54*4882a593Smuzhiyun if (err) 55*4882a593Smuzhiyun- return err; 56*4882a593Smuzhiyun+ goto fail; 57*4882a593Smuzhiyun 58*4882a593Smuzhiyun /* Put real data in the dummy. */ 59*4882a593Smuzhiyun extdesc->addr = *target; 60*4882a593Smuzhiyun@@ -255,6 +262,15 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size) 61*4882a593Smuzhiyun /* Write the tree to heap. */ 62*4882a593Smuzhiyun grub_xnu_writetree_toheap_real (src, grub_xnu_devtree_root, "/"); 63*4882a593Smuzhiyun return GRUB_ERR_NONE; 64*4882a593Smuzhiyun+ 65*4882a593Smuzhiyun+ fail: 66*4882a593Smuzhiyun+ memorymap->first_child = NULL; 67*4882a593Smuzhiyun+ 68*4882a593Smuzhiyun+ grub_free (driverkey->data); 69*4882a593Smuzhiyun+ grub_free (driverkey->name); 70*4882a593Smuzhiyun+ grub_free (driverkey); 71*4882a593Smuzhiyun+ 72*4882a593Smuzhiyun+ return err; 73*4882a593Smuzhiyun } 74*4882a593Smuzhiyun 75*4882a593Smuzhiyun /* Find a key or value in parent key. */ 76*4882a593Smuzhiyun-- 77*4882a593Smuzhiyun2.14.2 78*4882a593Smuzhiyun 79