summaryrefslogtreecommitdiffstats
path: root/erasure_layout.c
diff options
context:
space:
mode:
authorThomas Heijligen <thomas.heijligen@secunet.com>2023-02-15 12:12:11 +0100
committerThomas Heijligen <src@posteo.de>2023-02-23 10:27:28 +0000
commit3b16ce087ed3f4bfeed19db9d2115615b55097e5 (patch)
tree251f884e88aaad9e053a7854a2a6d0275ed34eea /erasure_layout.c
parentdddf9486854a16c9d736a5286bd6a5913725635e (diff)
downloadflashrom-3b16ce087ed3f4bfeed19db9d2115615b55097e5.tar.gz
flashrom-3b16ce087ed3f4bfeed19db9d2115615b55097e5.tar.bz2
flashrom-3b16ce087ed3f4bfeed19db9d2115615b55097e5.zip
erasure_layout.c: Test erasefn_count before using it to allocate memory
In erasure_layout.c:create_erase_layout() the layout will be allocated based on erasefn_count, But calling calloc with 0 is unspecified behavior. Also it is not freed when erasefn_count is 0. So test first if erasefn_count is 0, and only when not allocate the memory for *layout. Reported by Coverty Scan: *** CID 1505171: Resource leaks (RESOURCE_LEAK) /erasure_layout.c: 105 in create_erase_layout() 98 if(!layout) { 99 msg_gerr("Out of memory!\n"); 100 return -1; 101 } 102 103 if (!erasefn_count) { 104 msg_gerr("No erase functions supported\n"); >>> CID 1505171: Resource leaks (RESOURCE_LEAK) >>> Variable "layout" going out of scope leaks the storage it points to. 105 return 0; 106 } Change-Id: If13b050ac8525fee44d3f3bf74a9c9b6a8d38399 Signed-off-by: Thomas Heijligen <thomas.heijligen@secunet.com> Reviewed-on: https://review.coreboot.org/c/flashrom/+/73041 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Diffstat (limited to 'erasure_layout.c')
-rw-r--r--erasure_layout.c11
1 files changed, 5 insertions, 6 deletions
diff --git a/erasure_layout.c b/erasure_layout.c
index 05376de8e..2097b33b0 100644
--- a/erasure_layout.c
+++ b/erasure_layout.c
@@ -93,18 +93,17 @@ int create_erase_layout(struct flashctx *const flashctx, struct erase_layout **e
{
const struct flashchip *chip = flashctx->chip;
const size_t erasefn_count = count_usable_erasers(flashctx);
- struct erase_layout *layout = calloc(erasefn_count, sizeof(struct erase_layout));
+ if (!erasefn_count) {
+ msg_gerr("No erase functions supported\n");
+ return 0;
+ }
+ struct erase_layout *layout = calloc(erasefn_count, sizeof(struct erase_layout));
if (!layout) {
msg_gerr("Out of memory!\n");
return -1;
}
- if (!erasefn_count) {
- msg_gerr("No erase functions supported\n");
- return 0;
- }
-
size_t layout_idx = 0;
for (size_t eraser_idx = 0; eraser_idx < NUM_ERASEFUNCTIONS; eraser_idx++) {
if (check_block_eraser(flashctx, eraser_idx, 0))
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 23:23:22 +0000