From 508a9dc7f694df11c7de7460f888f508e40a2046 Mon Sep 17 00:00:00 2001
From: Richard Genoud <richard.genoud@posteo.net>
Date: Tue, 3 Nov 2020 12:11:09 +0100
Subject: fs/squashfs: sqfs_size: fix dangling pointer dirs->entry

dirs->entry shouldn't be left dangling as it could be freed twice.

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
---
 fs/squashfs/sqfs.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
index 7da2e09..3b008b5 100644
--- a/fs/squashfs/sqfs.c
+++ b/fs/squashfs/sqfs.c
@@ -1569,6 +1569,7 @@ int sqfs_size(const char *filename, loff_t *size)
 		if (!ret)
 			break;
 		free(dirs->entry);
+		dirs->entry = NULL;
 	}
 
 	if (ret) {
@@ -1582,6 +1583,7 @@ int sqfs_size(const char *filename, loff_t *size)
 	ipos = sqfs_find_inode(dirs->inode_table, i_number, sblk->inodes,
 			       sblk->block_size);
 	free(dirs->entry);
+	dirs->entry = NULL;
 
 	base = (struct squashfs_base_inode *)ipos;
 	switch (get_unaligned_le16(&base->inode_type)) {
-- 
cgit v1.1