fs/squashfs: avoid illegal free() in sqfs_opendir()
authorHeinrich Schuchardt <heinrich.schuchardt@canonical.com>
Mon, 14 Apr 2025 13:19:24 +0000 (15:19 +0200)
committerTom Rini <trini@konsulko.com>
Mon, 21 Apr 2025 17:08:03 +0000 (11:08 -0600)
* Use calloc() to allocate token_list. This avoids an illegal free if
  sqfs_tokenize() fails.
* Do not iterate over token_list if it has not been allocated.

Addresses-Coverity-ID: 510453:  Null pointer dereferences  (FORWARD_NULL)
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
fs/squashfs/sqfs.c

index 7c36468..2dcdd60 100644 (file)
@@ -949,7 +949,7 @@ static int sqfs_opendir_nest(const char *filename, struct fs_dir_stream **dirsp)
                goto out;
        }
 
-       token_list = malloc(token_count * sizeof(char *));
+       token_list = calloc(token_count, sizeof(char *));
        if (!token_list) {
                ret = -EINVAL;
                goto out;
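Review bot: The allocation-failure branch right after the new calloc() still sets `ret = -EINVAL`, which reports an out-of-memory condition as an invalid argument; `ret = -ENOMEM;` would let callers tell the two apart. The switch to calloc() is what makes the cleanup loop safe, so it deserves a short comment above the call, e.g. `/* zeroed so the out: path can free() slots sqfs_tokenize() never filled */`, so a later change does not revert it to malloc(). The rest of sqfs_opendir_nest(), including how token_count is derived, is outside this hunk.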
@@ -987,9 +987,11 @@ static int sqfs_opendir_nest(const char *filename, struct fs_dir_stream **dirsp)
        *dirsp = (struct fs_dir_stream *)dirs;
 
 out:
-       for (j = 0; j < token_count; j++)
-               free(token_list[j]);
-       free(token_list);
+       if (token_list) {
+               for (j = 0; j < token_count; j++)
+                       free(token_list[j]);
+               free(token_list);
+       }
        free(pos_list);
        free(path);
        if (ret) {
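Review bot: The new `if (token_list)` guard at `out:` is only sound if token_list is NULL-initialised at its declaration, because the `goto out` at the top of the first hunk is taken before calloc() assigns it. That declaration is outside both hunks, so it should be confirmed to read something like `char **token_list = NULL;`; otherwise the guard tests an indeterminate pointer. The same holds for token_count on any earlier exit, although the loop is now skipped whenever token_list is NULL. The function body continues past the end of this hunk.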