| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
sqfs_opendir() called in sqfs_size(), sqfs_read(), sqfs_exists() may fail
leading to sqfs_closedir(NULL) being called. Do not dereference NULL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
SquashFS supports sprase blocks in files - that is, if a given block is
composed only of zeros, it's not written to the output file to save
space and it's on-disk length field is set to zero to indicate that.
Previously the squashfs driver did not recognise that, and would attempt
to read and decompress a zero-sized block, which obviously failed.
The following command may be used to create a file for testing:
cat <(dd if=/dev/urandom of=/dev/stdout bs=1M count=1) \
<(dd if=/dev/zero of=/dev/stdout bs=1M count=1) \
<(dd if=/dev/urandom of=/dev/stdout bs=1k count=200) >test_file
Signed-off-by: Campbell Suter <campbell@snapit.group>
|
|
This will prevent a double free error if sqfs_close() is called twice.
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
This permits to find a file and use the distro_bootcmd
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
offset is the offset in the file read, not the offset in the destination
buffer.
If the offset is not null, this will lead to a memory corruption.
So, for now, we are returning an error if the offset is used.
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
The length of the buffer wasn't taken into account when writing to the
given buffer.
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
sqfs_decompressor_init() returns a value, so it's better to use it than
to force the return value to EINVAL (it could be ENOMEM)
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
Resetting the context on error will prevent some checks like:
if (!ctx.cur_dev)
To pass when the probe method has failed
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
If SquashFS magic number is invalid, there's a memory leak.
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
finfo.blk_sizes may not be freed in case of error in the for loop
Setting it to null and freeing it at the end makes prevents that from
happening.
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
if sqfs_tokenize(rel_tokens, rc, rel); fails, the function exits
without freeing the array base_tokens.
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
the return value of sqfs_tokenize(rel_tokens, rc, rel); wasn't checked.
(but "ret" value was !)
This is obviouly a typo.
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
For consistency with other functions.
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
data_buffer was allocated in a loop and freed only once.
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
sqfs_closedir() should be called to free memory allocated by
sqfs_opendir()
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
as sqfs_opendir failed, there's no need to call sqfs_closedir
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
dirs->entry shouldn't be left dangling as it could be freed twice.
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
as sqfs_opendir failed, there's no need to call sqfs_closedir
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
dirs->entry shouldn't be left dangling as it could be freed twice.
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
memory allocation should always be checked
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
inode_table should not be left dangling as it may be freed in sqfs_opendir
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
path, target, res, rem and sym_tokens were not free on error nor success.
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
dirs->entry shouldn't be left dangling as it could be freed twice.
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
pos_list wasn't freed on every error
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
*file and *dir were not freed on error
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
sqfs_dirs wasn't freed anywhere.
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
Using only one label permits to prevents bugs when moving code around.
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
When trying to load an non-existing file, the cpu hangs!
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
|
|
Fix control flow issues and null pointer dereferences.
Signed-off-by: Joao Marcos Costa <jmcosta944@gmail.com>
|
|
Fix defects such as uninitialized variables and untrusted pointer
operations. Most part of the tainted variables and the related defects
actually comes from Linux's macro get_unaligned_le**, extensively used
in SquashFS code. Add sanity checks for those variables.
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
|
|
Replace 'u16 comp_type' by a reference to squashfs_ctxt structure.
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
|
|
Add sqfs_decompressor_init() and sqfs_decompressor_cleanup(). These
functions are called respectively in sqfs_probe() and sqfs_close(). For
now, only ZSTD requires an initialization logic. ZSTD support will be
added in a follow-up commit.
Move squashfs_ctxt definition to sqfs_filesystem.h. This structure is
passed to sqfs_decompressor_init() and sqfs_decompressor_cleanup(), so
it can no longer be local to sqfs.c.
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
|
|
Add support for SquashFS filesystem. Right now, it does not support
compression but support for zlib will be added in a follow-up commit.
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
|
