[PATCH v2] erofs-utils: s3: fix memory leak in s3erofs_create_object_iterator
Nithurshen
nithurshen.dev at gmail.com
Sun Apr 5 16:32:08 AEST 2026
In s3erofs_create_object_iterator(), if the parsed prefix length
exceeds S3EROFS_PATH_MAX, the function aborts and returns an
-EINVAL error pointer. However, the 'iter' structure was already
allocated via calloc() and left unfreed, causing a memory leak.
This commit adds the missing free(iter) call in the error path to
prevent leaking memory when excessively long S3 bucket paths are
provided.
Signed-off-by: Nithurshen <nithurshen.dev at gmail.com>
---
lib/remotes/s3.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/remotes/s3.c b/lib/remotes/s3.c
index 768232a..abfa5dc 100644
--- a/lib/remotes/s3.c
+++ b/lib/remotes/s3.c
@@ -911,8 +911,10 @@ s3erofs_create_object_iterator(struct erofs_s3 *s3, const char *path,
iter->bucket = NULL;
iter->prefix = strdup(path + 1);
} else {
- if (++prefix - path > S3EROFS_PATH_MAX)
+ if (++prefix - path > S3EROFS_PATH_MAX) {
+ free(iter);
return ERR_PTR(-EINVAL);
+ }
iter->bucket = strndup(path, prefix - path);
iter->prefix = strdup(prefix);
}
--
2.52.0
More information about the Linux-erofs
mailing list