Unverified Commit 87ac077d authored by Deepanshu Kartikey, committed by Konstantin Komarov

ntfs3: fix memory leak in indx_create_allocate()



When indx_create_allocate() fails after
attr_allocate_clusters() succeeds, run_deallocate()
frees the disk clusters but never frees the memory
allocated by run_add_entry() via kvmalloc() for the
runs_tree structure.

Fix this by adding run_close() at the out: label to
free the run.runs memory on all error paths. The
success path is unaffected as it returns 0 directly
without going through out:, transferring ownership
of the run memory to indx->alloc_run via memcpy().

Reported-by: <syzbot+7adcddaeeb860e5d3f2f@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=7adcddaeeb860e5d3f2f


Signed-off-by: Deepanshu Kartikey <Kartikey406@gmail.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
parent f9963dea
+1 −0
@@ -1482,6 +1482,7 @@ static int indx_create_allocate(struct ntfs_index *indx, struct ntfs_inode *ni,
	run_deallocate(sbi, &run, false);

out:
	run_close(&run);
	return err;
}
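
Review bot: the run_close(&run) placed at out: runs on every jump to that label, so its safety depends on two things this hunk does not show: that the success path never falls through to out: (the commit message says it returns 0 directly after the memcpy() into indx->alloc_run), and that run is already initialized at the earliest goto out. Please confirm both, and consider a one-line comment at the label stating that it is reached on error paths only and that on success the run memory is owned by indx->alloc_run. Without that, a later refactor that routes the success return through out: would free memory that indx->alloc_run still points to. The message also carries Reported-by and Closes but no Fixes: tag; adding one would let the fix be matched to the trees that need it.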