[PATCH] erofs-utils: lib/tar: fix missing NULL checks after malloc() in tarerofs_read_header()

[Utkal Singh]

In case 'L' and case 'K' of tarerofs_read_header(), malloc() is
called for eh.path and eh.link respectively, but the return value
is not checked before immediately passing the pointer to
erofs_iostream_bread(). On memory allocation failure, this results
in a NULL pointer dereference and crash.

Add NULL checks after each malloc() call and return -ENOMEM on
failure.

Signed-off-by: Utkal Singh <singhutkal015 at gmail.com>
---
 lib/tar.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/tar.c b/lib/tar.c
index 13e777a..5a6e07d 100644
--- a/lib/tar.c
+++ b/lib/tar.c
@@ -906,6 +906,10 @@ out_eot:
 	case 'L':
 		free(eh.path);
 		eh.path = malloc(st.st_size + 1);
+		if (!eh.path) {
+			ret = -ENOMEM;
+			goto out;
+		}
 		if (st.st_size != erofs_iostream_bread(&tar->ios, eh.path,
 						       st.st_size))
 			goto invalid_tar;
@@ -914,6 +918,10 @@ out_eot:
 	case 'K':
 		free(eh.link);
 		eh.link = malloc(st.st_size + 1);
+		if (!eh.link) {
+			ret = -ENOMEM;
+			goto out;
+		}
 		if (st.st_size > PATH_MAX || st.st_size !=
 		    erofs_iostream_bread(&tar->ios, eh.link, st.st_size))
 			goto invalid_tar;
-- 
2.43.0