[Toybox] [PATCH] losetup: Fix memory leaks in loopback_setup()

Alessio Balsini balsini at android.com
Mon Oct 21 03:02:32 PDT 2019


The function loopback_setup() uses xabspath() to get the loopback path.
This function allocates dynamic memory which should be freed by the
function caller.
But there are early return cases where the dynamic memory is not freed.
Besides the special cases of perror_exit(), for which the "early" free
operation is simply used to silence memory analysis tools, the

  if (racy && errno == EBUSY) return 1;

branch may be a real cause of memory leak.

Fix by adding a new free() in the racy+EBUSY branch and anticipating the
existing free().

Signed-off-by: Alessio Balsini <balsini at android.com>
---
 toys/other/losetup.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/toys/other/losetup.c b/toys/other/losetup.c
index 917e64ea..7f91ba1f 100644
--- a/toys/other/losetup.c
+++ b/toys/other/losetup.c
@@ -107,15 +107,16 @@ static int loopback_setup(char *device, char *file)
 
     if (!s) perror_exit("file"); // already opened, but if deleted since...
     if (ioctl(lfd, LOOP_SET_FD, ffd)) {
+      free(s);
       if (racy && errno == EBUSY) return 1;
       perror_exit("%s=%s", device, file);
     }
+    xstrncpy((char *)loop->lo_file_name, s, LO_NAME_SIZE);
+    free(s);
     loop->lo_offset = TT.o;
     loop->lo_sizelimit = TT.S;
-    xstrncpy((char *)loop->lo_file_name, s, LO_NAME_SIZE);
     if (ioctl(lfd, LOOP_SET_STATUS64, loop)) perror_exit("%s=%s", device, file);
     if (FLAG(s)) puts(device);
-    free(s);
   }
   else {
     xprintf("%s: [%lld]:%llu (%s)", device, (long long)loop->lo_device,
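Review bot: The added free(s) at the top of the LOOP_SET_FD failure block runs before the errno == EBUSY test and before perror_exit("%s=%s", device, file), and both depend on the errno left by the failed ioctl. free() is not guaranteed to preserve errno on every libc, so the racy retry could be skipped or the wrong error reported. Consider moving the free into the branch, for example `if (racy && errno == EBUSY) { free(s); return 1; }`, or saving errno before the free and restoring it afterwards. Placing it in the branch would also match the commit message, which describes the new free() as being in the racy+EBUSY branch.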
-- 
2.23.0.866.gb869b98d4c-goog



