From: Daniel Axtens <dja@axtens.net>
Date: Thu, 21 Jan 2021 01:22:28 +0000 (+1100)
Subject: io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build() fails
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=b5a2b59cc5b8f5ee7ba3b951e7693e402d5b3a6f;p=grub2.git

io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build() fails

If huft_build() fails, gzio->tl or gzio->td could contain pointers that
are no longer valid. Zero them out.

This prevents a double free when grub_gzio_close() comes through and
attempts to free them again.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---

diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c
index 19adebeed..aea86a0a9 100644
--- a/grub-core/io/gzio.c
+++ b/grub-core/io/gzio.c
@@ -1010,6 +1010,7 @@ init_dynamic_block (grub_gzio_t gzio)
   gzio->bl = lbits;
   if (huft_build (ll, nl, 257, cplens, cplext, &gzio->tl, &gzio->bl) != 0)
     {
+      gzio->tl = 0;
       grub_error (GRUB_ERR_BAD_COMPRESSED_DATA,
 		  "failed in building a Huffman code table");
       return;
@@ -1019,6 +1020,7 @@ init_dynamic_block (grub_gzio_t gzio)
     {
       huft_free (gzio->tl);
       gzio->tl = 0;
+      gzio->td = 0;
       grub_error (GRUB_ERR_BAD_COMPRESSED_DATA,
 		  "failed in building a Huffman code table");
       return;