From 9a99d2b683c23cbfb21df0557fa185b36e9e8540 Mon Sep 17 00:00:00 2001
From: Byongho Lee <bhlee.kernel@gmail.com>
Date: Fri, 28 Aug 2015 00:38:16 +0900
Subject: btrfs-progs: fix memory leak in btrfs-convert main()

In btrfs-convert main(), strdup() allocates memory to fslabel but that
memory is not freed. We could fix it by adding free() calls to every
return point, but that would make the code messy because there are
several return paths.
So I fix it by changing the code using strdup() with local array and
strncpy().

And btrfs-convert main() guarantees that string length of fslabel is not
to exceed 'BTRFS_LABEL_SIZE', so it's enough to use strcpy() instead of
strncpy() to copy fslabel in do_convert().

Signed-off-by: Byongho Lee <bhlee.kernel@gmail.com>
Signed-off-by: David Sterba <dsterba@suse.com>
---
 btrfs-convert.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'btrfs-convert.c')

diff --git a/btrfs-convert.c b/btrfs-convert.c
index 917bbc1b..2e6f4d4c 100644
--- a/btrfs-convert.c
+++ b/btrfs-convert.c
@@ -2428,7 +2428,7 @@ static int do_convert(const char *devname, int datacsum, int packing, int noxatt
 		fprintf(stderr, "copy label '%s'\n",
 				root->fs_info->super_copy->label);
 	} else if (copylabel == -1) {
-		strncpy(root->fs_info->super_copy->label, fslabel, BTRFS_LABEL_SIZE);
+		strcpy(root->fs_info->super_copy->label, fslabel);
 		fprintf(stderr, "set label to '%s'\n", fslabel);
 	}
 
@@ -2868,7 +2868,7 @@ int main(int argc, char *argv[])
 	int usage_error = 0;
 	int progress = 1;
 	char *file;
-	char *fslabel = NULL;
+	char fslabel[BTRFS_LABEL_SIZE + 1];
 	u64 features = BTRFS_MKFS_DEFAULT_FEATURES;
 
 	while(1) {
@@ -2910,8 +2910,9 @@ int main(int argc, char *argv[])
 				break;
 			case 'l':
 				copylabel = -1;
-				fslabel = strdup(optarg);
-				if (strlen(fslabel) > BTRFS_LABEL_SIZE) {
+				fslabel[BTRFS_LABEL_SIZE] = 0;
+				strncpy(fslabel, optarg, sizeof(fslabel));
+				if (fslabel[BTRFS_LABEL_SIZE]) {
 					fprintf(stderr,
 						"warning: label too long, trimmed to %d bytes\n",
 						BTRFS_LABEL_SIZE);
-- 
cgit v1.2.3