[PATCH] erofs-utils: lib: fix missing NULL checks after strdup() in tarerofs_parse_tar_header()
Utkal Singh
singhutkal015 at gmail.com
Sun Mar 15 10:10:44 AEDT 2026
strdup() calls for eh.path and eh.link had no NULL check.
On memory allocation failure, eh.path or eh.link would silently
become NULL and get dereferenced later, causing a crash.
Add NULL checks after each strdup() call and return -ENOMEM via
the existing 'out' cleanup label on failure.
Signed-off-by: Utkal Singh <singhutkal015 at gmail.com>
---
lib/tar.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/lib/tar.c b/lib/tar.c
index 26461f8..0963821 100644
--- a/lib/tar.c
+++ b/lib/tar.c
@@ -719,10 +719,20 @@ int tarerofs_parse_tar(struct erofs_importer *im, struct erofs_tarfile *tar)
int ckksum, ret, rem, j;
root->dev = tar->dev;
- if (eh.path)
+ if (eh.path) {
eh.path = strdup(eh.path);
- if (eh.link)
+ if (!eh.path) {
+ ret = -ENOMEM;
+ goto out;
+ }
+ }
+ if (eh.link) {
eh.link = strdup(eh.link);
+ if (!eh.link) {
+ ret = -ENOMEM;
+ goto out;
+ }
+ }
init_list_head(&eh.xattrs);
restart:
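Review bot: both new `goto out` paths sit above `init_list_head(&eh.xattrs);`, so a failed strdup() reaches the `out` label with eh.xattrs still uninitialized. The body of `out` is not visible in this hunk, but if it walks or frees that list, the low-memory path this patch is meant to harden would operate on an uninitialized list head. Moving `init_list_head(&eh.xattrs);` above the two strdup() blocks makes the early exits safe regardless of what `out` does. Two ownership points are also worth confirming against `out`: when the eh.link strdup() fails, eh.path already holds a fresh allocation that has to be freed there, and when the eh.path strdup() fails, eh.link still holds the original, un-duplicated pointer, which `out` must not free. Separately, the subject line names tarerofs_parse_tar_header(), while the hunk header places the change in tarerofs_parse_tar(); the subject should match the function actually modified.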
--
2.43.0