From abeae9842490388428d93706ab0d83b19b674f61 Mon Sep 17 00:00:00 2001
From: Yan Wang
Date: Tue, 9 Jun 2020 15:02:31 +0800
Subject: [PATCH] lib/blob: check return value after malloc() and strdup()
Signed-off-by: Yan Wang
Change-Id: Ieaaecfd12ddf7826c2e4ce6dc5f47411e7e077da
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/2907
Community-CI: Mellanox Build Bot
Tested-by: SPDK CI Jenkins
Reviewed-by: Aleksey Marchuk
Reviewed-by: Shuhei Matsumoto
Reviewed-by: Ben Walker
Reviewed-by: Paul Luse
---
 lib/blob/blobstore.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/lib/blob/blobstore.c b/lib/blob/blobstore.c
index 8dfdfd247..5ea7b9816 100644
--- a/lib/blob/blobstore.c
+++ b/lib/blob/blobstore.c
@@ -7111,6 +7111,7 @@ blob_set_xattr(struct spdk_blob *blob, const char *name, const void *value,
 struct spdk_xattr_tailq *xattrs;
 struct spdk_xattr *xattr;
 size_t desc_size;
+ void *tmp;
 blob_verify_md_op(blob);
@@ -7134,9 +7135,14 @@ blob_set_xattr(struct spdk_blob *blob, const char *name, const void *value,
 TAILQ_FOREACH(xattr, xattrs, link) {
 if (!strcmp(name, xattr->name)) {
+ tmp = malloc(value_len);
+ if (!tmp) {
+ return -ENOMEM;
+ }
+
 free(xattr->value);
 xattr->value_len = value_len;
- xattr->value = malloc(value_len);
+ xattr->value = tmp;
 memcpy(xattr->value, value, value_len);
 blob->state = SPDK_BLOB_STATE_DIRTY;
@@ -7149,9 +7155,20 @@ blob_set_xattr(struct spdk_blob *blob, const char *name, const void *value,
 if (!xattr) {
 return -ENOMEM;
 }
+
 xattr->name = strdup(name);
+ if (!xattr->name) {
+ free(xattr);
+ return -ENOMEM;
+ }
+
 xattr->value_len = value_len;
 xattr->value = malloc(value_len);
+ if (!xattr->value) {
+ free(xattr->name);
+ free(xattr);
+ return -ENOMEM;
+ }
 memcpy(xattr->value, value, value_len);
 TAILQ_INSERT_TAIL(xattrs, xattr, link);
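Review bot: With `value_len == 0` the new `if (!tmp)` check in the second hunk can return -ENOMEM for a request that did not actually run out of memory, because malloc(0) is allowed to return NULL; the same holds for the `if (!xattr->value)` check added in the third hunk. Whether a zero-length value can reach these lines is not visible here, since blob_set_xattr's parameter validation lies outside the hunks, so this should be confirmed against the caller contract. If empty values are legal, tie the failure test to the length, e.g. `if (!tmp && value_len != 0) {`, and skip the following `memcpy` when there is nothing to copy, so that no NULL destination is passed to it.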