summaryrefslogtreecommitdiffstats
path: root/fs/squashfs/sqfs.c
Commit message (Collapse)AuthorAgeFilesLines
* fs/squashfs: NULL dereference in sqfs_closedir()Heinrich Schuchardt2021-02-241-0/+3
| | | | | | | sqfs_opendir() called in sqfs_size(), sqfs_read(), sqfs_exists() may fail leading to sqfs_closedir(NULL) being called. Do not dereference NULL. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* Fix squashfs failing to load sparse filesCampbell Suter2021-01-201-19/+35
| | | | | | | | | | | | | | | | | SquashFS supports sprase blocks in files - that is, if a given block is composed only of zeros, it's not written to the output file to save space and it's on-disk length field is set to zero to indicate that. Previously the squashfs driver did not recognise that, and would attempt to read and decompress a zero-sized block, which obviously failed. The following command may be used to create a file for testing: cat <(dd if=/dev/urandom of=/dev/stdout bs=1M count=1) \ <(dd if=/dev/zero of=/dev/stdout bs=1M count=1) \ <(dd if=/dev/urandom of=/dev/stdout bs=1k count=200) >test_file Signed-off-by: Campbell Suter <campbell@snapit.group>
* fs/squashfs: sqfs_close/sqfs_read_sblk: set ctxt.sblk to NULL after freeRichard Genoud2020-12-021-1/+3
| | | | | | This will prevent a double free error if sqfs_close() is called twice. Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: implement exists() functionRichard Genoud2020-11-191-0/+38
| | | | | | | This permits to find a file and use the distro_bootcmd Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_read: remove buggy offset functionalityRichard Genoud2020-11-191-4/+12
| | | | | | | | | offset is the offset in the file read, not the offset in the destination buffer. If the offset is not null, this will lead to a memory corruption. So, for now, we are returning an error if the offset is used. Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_read: don't write beyond buffer sizeRichard Genoud2020-11-191-0/+8
| | | | | | | The length of the buffer wasn't taken into account when writing to the given buffer. Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_probe: use sqfs_decompressor_init() return valueRichard Genoud2020-11-191-2/+0
| | | | | | | | sqfs_decompressor_init() returns a value, so it's better to use it than to force the return value to EINVAL (it could be ENOMEM) Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_probe: reset cur_dev/cur_part_info to NULL on errorRichard Genoud2020-11-191-1/+1
| | | | | | | | Resetting the context on error will prevent some checks like: if (!ctx.cur_dev) To pass when the probe method has failed Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_probe: fix possible memory leak on errorRichard Genoud2020-11-191-5/+9
| | | | | | | If SquashFS magic number is invalid, there's a memory leak. Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_read: fix memory leak on finfo.blk_sizesRichard Genoud2020-11-191-26/+22
| | | | | | | | | finfo.blk_sizes may not be freed in case of error in the for loop Setting it to null and freeing it at the end makes prevents that from happening. Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_get_abs_path: fix possible memory leak on errorRichard Genoud2020-11-191-14/+18
| | | | | | | | if sqfs_tokenize(rel_tokens, rc, rel); fails, the function exits without freeing the array base_tokens. Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_get_abs_path: fix error checkRichard Genoud2020-11-191-1/+1
| | | | | | | | | the return value of sqfs_tokenize(rel_tokens, rc, rel); wasn't checked. (but "ret" value was !) This is obviouly a typo. Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_frag_lookup: simplify error handlingRichard Genoud2020-11-191-12/+16
| | | | | | | For consistency with other functions. Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_read: fix another memory leakRichard Genoud2020-11-191-0/+2
| | | | | | data_buffer was allocated in a loop and freed only once. Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_read: fix memory leakRichard Genoud2020-11-191-1/+1
| | | | | | | | sqfs_closedir() should be called to free memory allocated by sqfs_opendir() Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_read: remove useless sqfs_closedir()Richard Genoud2020-11-191-1/+0
| | | | | | as sqfs_opendir failed, there's no need to call sqfs_closedir Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_read: fix dangling pointer dirs->entryRichard Genoud2020-11-191-0/+1
| | | | | | dirs->entry shouldn't be left dangling as it could be freed twice. Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_size: remove useless sqfs_closedir()Richard Genoud2020-11-191-1/+0
| | | | | | as sqfs_opendir failed, there's no need to call sqfs_closedir Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_size: fix dangling pointer dirs->entryRichard Genoud2020-11-191-0/+2
| | | | | | dirs->entry shouldn't be left dangling as it could be freed twice. Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_concat_tokens: check if malloc succeedsRichard Genoud2020-11-191-0/+3
| | | | | | | memory allocation should always be checked Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_read_inode_table: fix dangling pointerRichard Genoud2020-11-191-0/+1
| | | | | | inode_table should not be left dangling as it may be freed in sqfs_opendir Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_search_dir: fix memory leaksRichard Genoud2020-11-191-13/+51
| | | | | | | path, target, res, rem and sym_tokens were not free on error nor success. Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_search_dir: fix dangling pointerRichard Genoud2020-11-191-0/+5
| | | | | | dirs->entry shouldn't be left dangling as it could be freed twice. Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_read_directory_table: fix memory leakRichard Genoud2020-11-191-14/+17
| | | | | | | pos_list wasn't freed on every error Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_split_path: fix memory leak and dangling pointersRichard Genoud2020-11-191-12/+28
| | | | | | | *file and *dir were not freed on error Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_closedir: fix memory leakRichard Genoud2020-11-191-0/+1
| | | | | | | sqfs_dirs wasn't freed anywhere. Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_opendir: simplify error handlingRichard Genoud2020-11-191-15/+12
| | | | | | | Using only one label permits to prevents bugs when moving code around. Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: sqfs_opendir: fix some memory leaks and dangling pointersRichard Genoud2020-11-191-8/+29
| | | | | | When trying to load an non-existing file, the cpu hangs! Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
* fs/squashfs: Fix Coverity Scan defectsJoao Marcos Costa2020-09-181-7/+13
| | | | | | Fix control flow issues and null pointer dereferences. Signed-off-by: Joao Marcos Costa <jmcosta944@gmail.com>
* fs/squashfs: Fix Coverity Scan defectsJoao Marcos Costa2020-08-241-11/+29
| | | | | | | | | Fix defects such as uninitialized variables and untrusted pointer operations. Most part of the tainted variables and the related defects actually comes from Linux's macro get_unaligned_le**, extensively used in SquashFS code. Add sanity checks for those variables. Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
* fs/squashfs: replace sqfs_decompress() parameterJoao Marcos Costa2020-08-241-16/+9
| | | | | | Replace 'u16 comp_type' by a reference to squashfs_ctxt structure. Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
* fs/squashfs: Add init and clean-up functions to decompressionJoao Marcos Costa2020-08-241-6/+9
| | | | | | | | | | | | | Add sqfs_decompressor_init() and sqfs_decompressor_cleanup(). These functions are called respectively in sqfs_probe() and sqfs_close(). For now, only ZSTD requires an initialization logic. ZSTD support will be added in a follow-up commit. Move squashfs_ctxt definition to sqfs_filesystem.h. This structure is passed to sqfs_decompressor_init() and sqfs_decompressor_cleanup(), so it can no longer be local to sqfs.c. Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
* fs/squashfs: new filesystemJoao Marcos Costa2020-08-071-0/+1538
Add support for SquashFS filesystem. Right now, it does not support compression but support for zlib will be added in a follow-up commit. Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
generated by cgit (git 2.34.1) at 2025-06-09 08:09:33 +0000