fs/squashfs: Ensure memory is freed by using unwind goto

Returning immediately from sqfs_read_nest is not consistent with other
error checks in this function and can lead to memory leaks. Instead use
the unwind goto used elsewhere to ensure that the memory is freed.

This issue was found by Smatch.

Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Acked-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>

diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
index 2dcdd60..4d3d83b 100644 (file)
--- a/fs/squashfs/sqfs.c
+++ b/fs/squashfs/sqfs.c
@@ -1584,8 +1584,10 @@ static int sqfs_read_nest(const char *filename, void *buf, loff_t offset,
        table_offset = frag_entry.start - (start * ctxt.cur_dev->blksz);
        n_blks = DIV_ROUND_UP(table_size + table_offset, ctxt.cur_dev->blksz);
 
-       if (__builtin_mul_overflow(n_blks, ctxt.cur_dev->blksz, &buf_size))
-               return -EINVAL;
+       if (__builtin_mul_overflow(n_blks, ctxt.cur_dev->blksz, &buf_size)) {
+               ret = -EINVAL;
+               goto out;
+       }
 
        fragment = malloc_cache_aligned(buf_size);