fs: fat: Fix possible double free of fatbuf

fat_itr_root() allocates fatbuf so we free it on the exit path, if
the function fails we should not free it, check the return value
and skip freeing if the function fails.

Signed-off-by: Andrew F. Davis <afd@ti.com>

diff --git a/fs/fat/fat.c b/fs/fat/fat.c
index c5997c21735f9714aae7c63486750837cac87688..06c8ed14bdab0ac948cf905e09a2821ec63bfdab 100644 (file)
--- a/fs/fat/fat.c
+++ b/fs/fat/fat.c
@@ -1134,11 +1134,12 @@ int fat_size(const char *filename, loff_t *size)
                 * expected to fail if passed a directory path:
                 */
                free(fsdata.fatbuf);
-               fat_itr_root(itr, &fsdata);
-               if (!fat_itr_resolve(itr, filename, TYPE_DIR)) {
+               ret = fat_itr_root(itr, &fsdata);
+               if (ret)
+                       goto out_free_itr;
+               ret = fat_itr_resolve(itr, filename, TYPE_DIR);
+               if (!ret)
                        *size = 0;
-                       ret = 0;
-               }
                goto out_free_both;
        }