Blame SOURCES/0423-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch

80913e
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
80913e
From: Marco A Benatto <mbenatto@redhat.com>
80913e
Date: Mon, 30 Nov 2020 12:18:24 -0300
80913e
Subject: [PATCH] loader/xnu: Free driverkey data when an error is detected in
80913e
 grub_xnu_writetree_toheap()
80913e
80913e
... to avoid memory leaks.
80913e
80913e
Fixes: CID 96640
80913e
80913e
Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
80913e
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
80913e
---
80913e
 grub-core/loader/xnu.c | 24 ++++++++++++++++++++----
80913e
 1 file changed, 20 insertions(+), 4 deletions(-)
80913e
80913e
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
80913e
index 16bfa7cec72..af885a648c6 100644
80913e
--- a/grub-core/loader/xnu.c
80913e
+++ b/grub-core/loader/xnu.c
80913e
@@ -228,26 +228,33 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size)
80913e
   if (! memorymap)
80913e
     return grub_errno;
80913e
 
80913e
-  driverkey = (struct grub_xnu_devtree_key *) grub_malloc (sizeof (*driverkey));
80913e
+  driverkey = (struct grub_xnu_devtree_key *) grub_zalloc (sizeof (*driverkey));
80913e
   if (! driverkey)
80913e
     return grub_errno;
80913e
   driverkey->name = grub_strdup ("DeviceTree");
80913e
   if (! driverkey->name)
80913e
-    return grub_errno;
80913e
+    {
80913e
+      err = grub_errno;
80913e
+      goto fail;
80913e
+    }
80913e
+
80913e
   driverkey->datasize = sizeof (*extdesc);
80913e
   driverkey->next = memorymap->first_child;
80913e
   memorymap->first_child = driverkey;
80913e
   driverkey->data = extdesc
80913e
     = (struct grub_xnu_extdesc *) grub_malloc (sizeof (*extdesc));
80913e
   if (! driverkey->data)
80913e
-    return grub_errno;
80913e
+    {
80913e
+      err = grub_errno;
80913e
+      goto fail;
80913e
+    }
80913e
 
80913e
   /* Allocate the space based on the size with dummy value. */
80913e
   *size = grub_xnu_writetree_get_size (grub_xnu_devtree_root, "/");
80913e
   err = grub_xnu_heap_malloc (ALIGN_UP (*size + 1, GRUB_XNU_PAGESIZE),
80913e
 			      &src, target);
80913e
   if (err)
80913e
-    return err;
80913e
+    goto fail;
80913e
 
80913e
   /* Put real data in the dummy. */
80913e
   extdesc->addr = *target;
80913e
@@ -256,6 +263,15 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size)
80913e
   /* Write the tree to heap. */
80913e
   grub_xnu_writetree_toheap_real (src, grub_xnu_devtree_root, "/");
80913e
   return GRUB_ERR_NONE;
80913e
+
80913e
+ fail:
80913e
+  memorymap->first_child = NULL;
80913e
+
80913e
+  grub_free (driverkey->data);
80913e
+  grub_free (driverkey->name);
80913e
+  grub_free (driverkey);
80913e
+
80913e
+  return err;
80913e
 }
80913e
 
80913e
 /* Find a key or value in parent key. */