[PATCH] ntfs3: fix memory leak in indx_create_allocate()

Next message: Icenowy Zheng: "Re: [PATCH 0/2] drm/bridge: th1520-dw-hdmi: Two fixes"
Previous message: Antoine Bernard: "Re: [PATCH 1/3] media: i2c: ov13b10: Add dvdd, dovdd and device tree support"
Next in thread: Deepanshu Kartikey: "[PATCH] ntfs3: fix memory leak in indx_create_allocate()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Deepanshu Kartikey

Date: Sat Mar 21 2026 - 01:01:59 EST

When indx_create_allocate() fails after
attr_allocate_clusters() succeeds, run_deallocate()
frees the disk clusters but never frees the memory
allocated by run_add_entry() via kvmalloc() for the
runs_tree structure.

Fix this by adding run_close() at the out: label to
free the run.runs memory on all error paths. The
success path is unaffected as it returns 0 directly
without going through out:, transferring ownership
of the run memory to indx->alloc_run via memcpy().

Reported-by: syzbot+7adcddaeeb860e5d3f2f@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=7adcddaeeb860e5d3f2f
Signed-off-by: Deepanshu Kartikey <Kartikey406@xxxxxxxxx>
---
fs/ntfs3/index.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index 97f06c26fe1a..11f59d7b9ea4 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -1481,6 +1481,7 @@ static int indx_create_allocate(struct ntfs_index *indx, struct ntfs_inode *ni,
run_deallocate(sbi, &run, false);

out:
+ run_close(&run);
return err;
}

--
2.43.0