diff options
| author | Edward O'Callaghan <quasisec@google.com> | 2021-11-17 14:24:04 +1100 |
|---|---|---|
| committer | Nico Huber <nico.h@gmx.de> | 2021-12-15 13:54:09 +0000 |
| commit | 43f998274f788ade1ab01e62fb025b7d54f9ab24 (patch) | |
| tree | 507008e098afe1c283e7bbf426869a726a6428de | |
| parent | ea0ae153dd43ef6651a0824d251341af635b1fdd (diff) | |
| download | flashrom-43f998274f788ade1ab01e62fb025b7d54f9ab24.tar.gz flashrom-43f998274f788ade1ab01e62fb025b7d54f9ab24.tar.bz2 flashrom-43f998274f788ade1ab01e62fb025b7d54f9ab24.zip | |
flashrom.c: Validate before allocate in verify_range()
Simplify a goto away for free'ing a buffer by validating
before attempting to allocate.
BUG=none
TEST=builds
Change-Id: Iae886f203d1c59ae9a89421f7483a4ec3f747256
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/59372
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
| -rw-r--r-- | flashrom.c | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/flashrom.c b/flashrom.c index 48d953b06..b62d38c30 100644 --- a/flashrom.c +++ b/flashrom.c @@ -417,6 +417,13 @@ int verify_range(struct flashctx *flash, const uint8_t *cmpbuf, unsigned int sta if (!len) return -1; + if (start + len > flash->chip->total_size * 1024) { + msg_gerr("Error: %s called with start 0x%x + len 0x%x >" + " total_size 0x%x\n", __func__, start, len, + flash->chip->total_size * 1024); + return -1; + } + if (!flash->chip->read) { msg_cerr("ERROR: flashrom has no read function for this flash chip.\n"); return -1; @@ -427,17 +434,8 @@ int verify_range(struct flashctx *flash, const uint8_t *cmpbuf, unsigned int sta msg_gerr("Could not allocate memory!\n"); return -1; } - int ret = 0; - - if (start + len > flash->chip->total_size * 1024) { - msg_gerr("Error: %s called with start 0x%x + len 0x%x >" - " total_size 0x%x\n", __func__, start, len, - flash->chip->total_size * 1024); - ret = -1; - goto out_free; - } - ret = flash->chip->read(flash, readbuf, start, len); + int ret = flash->chip->read(flash, readbuf, start, len); if (ret) { msg_gerr("Verification impossible because read failed " "at 0x%x (len 0x%x)\n", start, len); |