lclevy / ADFlib

A free, portable and open implementation of the Amiga filesystem
GNU General Public License v2.0

Memory leaks in adf_dev_hd: not freeing vol after another allocation fails #43

Closed t-w closed 10 months ago

t-w commented 1 year ago
RETCODE adfMountHd ( struct AdfDevice * const dev )
{
[...]
    while( next!=-1 ) {
[...]
        vol = (struct AdfVolume *) malloc (sizeof(struct AdfVolume));
[...]
        vol->volName = (char*)malloc(len+1);
        if (!vol->volName) { 
            adfFreeTmpVolList(listRoot);
            (*adfEnv.eFct)("adfMount : malloc");
            return RC_ERROR;
        }
[...]
        /* stores temporaly the volumes in a linked list */
        if (listRoot==NULL)
            vList = listRoot = newCell(NULL, (void*)vol);
        else
            vList = newCell(vList, (void*)vol);
[...]

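If the allocation for vol->volName fails, vol (allocated earlier, above) is never deallocated: at that point vol has not yet been added to the temporary list, so adfFreeTmpVolList(listRoot) does not release it.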

(A rare case: it occurs only when a memory allocation fails, so sanitizers will not catch it unless a test forces that allocation to fail.)

t-w commented 1 year ago

Another one is in adfMountHdFile():

RETCODE adfMountHdFile ( struct AdfDevice * const dev )
{
[...]
    dev->volList = (struct AdfVolume **) malloc (sizeof(struct AdfVolume *));
    if (!dev->volList) { 
        (*adfEnv.eFct)("adfMountHdFile : malloc");
        return RC_MALLOC;
    }

    vol = (struct AdfVolume *) malloc (sizeof(struct AdfVolume));
    if (!vol) {
        (*adfEnv.eFct)("adfMountHdFile : malloc");
        return RC_MALLOC;
    }

[...] And there is another one further below, on this error return:
     if (vol->rootBlock==1) {
         (*adfEnv.eFct)("adfMountHdFile : rootblock not found");
         return RC_ERROR;
     }