From 4332e7c04ec460472ed18792638f67cc44e6054c Mon Sep 17 00:00:00 2001
From: Anastasia Klimchuk
Date: Mon, 31 May 2021 09:42:36 +1000
Subject: dummyflasher.c: Fix data leak in params processing error paths

This patch extracts params processing into a separate function. Now all error paths of params processing return 1 back to init function which frees data. And there was just one more error path in init function where free(data) needed to be added. This is a follow up on commit 3b8fe0f8e907c0ba9f7c7935e950f3e1538d427f which moves global state into spi_master data. A good side-effect of the change is: init function becomes easier to read.
BUG=b:185191942
TEST=ninja test
Change-Id: I04f55f77bb4703f1d88b2191c45a22be3c97bf87
Signed-off-by: Anastasia Klimchuk
Reviewed-on: https://review.coreboot.org/c/flashrom/+/54748
Tested-by: build bot (Jenkins)
Reviewed-by: Nico Huber
---
 dummyflasher.c | 78 ++++++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 51 insertions(+), 27 deletions(-)

diff --git a/dummyflasher.c b/dummyflasher.c
index dcf97b5c8..e2f38f54d 100644
--- a/dummyflasher.c
+++ b/dummyflasher.c
@@ -643,30 +643,17 @@ static int dummy_shutdown(void *data)
 return 0;
 }
 
-int dummy_init(void)
+static int init_data(struct emu_data *data, enum chipbustype *dummy_buses_supported)
 {
+
 char *bustext = NULL;
 char *tmp = NULL;
 unsigned int i;
+ char *endptr;
 #if EMULATE_SPI_CHIP
 char *status = NULL;
 int size = -1; /* size for VARIABLE_SIZE chip device */
 #endif
-#if EMULATE_CHIP
- struct stat image_stat;
-#endif
- char *endptr;
-
- struct emu_data *data = calloc(1, sizeof(struct emu_data));
- if (!data) {
- msg_perr("Out of memory!\n");
- return 1;
- }
- data->emu_chip = EMULATE_NONE;
- data->delay_us = 0;
- data->spi_write_256_chunksize = 256;
-
- msg_pspew("%s\n", __func__);
 
 bustext = extract_programmer_param("bus");
 msg_pdbg("Requested buses are: %s\n", bustext ? bustext : "default");
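Review bot: init_data is introduced without any comment stating its contract, yet dummy_init now depends on it: a non-zero return means the caller releases `data`, and `*dummy_buses_supported` is only meaningful when 0 is returned. A header comment would pin that down, for example `/* Parse programmer params into data and *dummy_buses_supported. Returns 0 on success, 1 on error; on error the caller frees data. */`. The body of init_data continues outside this hunk, so if it stores any heap pointer in `data` before a later failure (not visible here), the comment should also say who releases that member.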
@@ -675,24 +662,24 @@ int dummy_init(void)
 /* Convert the parameters to lowercase. */
 tolower_string(bustext);
 
- enum chipbustype dummy_buses_supported = BUS_NONE;
+ *dummy_buses_supported = BUS_NONE;
 if (strstr(bustext, "parallel")) {
- dummy_buses_supported |= BUS_PARALLEL;
+ *dummy_buses_supported |= BUS_PARALLEL;
 msg_pdbg("Enabling support for %s flash.\n", "parallel");
 }
 if (strstr(bustext, "lpc")) {
- dummy_buses_supported |= BUS_LPC;
+ *dummy_buses_supported |= BUS_LPC;
 msg_pdbg("Enabling support for %s flash.\n", "LPC");
 }
 if (strstr(bustext, "fwh")) {
- dummy_buses_supported |= BUS_FWH;
+ *dummy_buses_supported |= BUS_FWH;
 msg_pdbg("Enabling support for %s flash.\n", "FWH");
 }
 if (strstr(bustext, "spi")) {
- dummy_buses_supported |= BUS_SPI;
+ *dummy_buses_supported |= BUS_SPI;
 msg_pdbg("Enabling support for %s flash.\n", "SPI");
 }
- if (dummy_buses_supported == BUS_NONE)
+ if (*dummy_buses_supported == BUS_NONE)
 msg_pdbg("Support for all flash bus types disabled.\n");
 free(bustext);
 
@@ -838,14 +825,15 @@ int dummy_init(void)
 }
 free(tmp);
 }
-#endif
+#endif /* EMULATE_SPI_CHIP */
 
 tmp = extract_programmer_param("emulate");
 if (!tmp) {
 msg_pdbg("Not emulating any flash chip.\n");
 /* Nothing else to do. */
- goto dummy_init_out;
+ return 0;
 }
+
 #if EMULATE_SPI_CHIP
 if (!strcmp(tmp, "M25P10.RES")) {
 data->emu_chip = EMULATE_ST_M25P10_RES;
@@ -933,7 +921,7 @@ int dummy_init(void)
 msg_pdbg("Emulating generic SPI flash chip (size=%d bytes)\n",
 data->emu_chip_size);
 }
-#endif
+#endif /* EMULATE_SPI_CHIP */
 if (data->emu_chip == EMULATE_NONE) {
 msg_perr("Invalid chip specified for emulation: %s\n", tmp);
 free(tmp);
@@ -972,7 +960,7 @@ int dummy_init(void)
 msg_pdbg("Initial status register is set to 0x%02x.\n",
 data->emu_status);
 }
-#endif
+#endif /* EMULATE_SPI_CHIP */
 
 data->flashchip_contents = malloc(data->emu_chip_size);
 if (!data->flashchip_contents) {
@@ -980,6 +968,41 @@ int dummy_init(void)
 return 1;
 }
 
+#endif /* EMULATE_CHIP */
+
+ return 0;
+}
+
+int dummy_init(void)
+{
+#if EMULATE_CHIP
+ struct stat image_stat;
+#endif
+
+ struct emu_data *data = calloc(1, sizeof(struct emu_data));
+ if (!data) {
+ msg_perr("Out of memory!\n");
+ return 1;
+ }
+ data->emu_chip = EMULATE_NONE;
+ data->delay_us = 0;
+ data->spi_write_256_chunksize = 256;
+
+ msg_pspew("%s\n", __func__);
+
+ enum chipbustype dummy_buses_supported;
+ if (init_data(data, &dummy_buses_supported)) {
+ free(data);
+ return 1;
+ }
+
+#if EMULATE_CHIP
+ if (data->emu_chip == EMULATE_NONE) {
+ msg_pdbg("Not emulating any flash chip.\n");
+ /* Nothing else to do. */
+ goto dummy_init_out;
+ }
+
 msg_pdbg("Filling fake flash chip with 0x%02x, size %i\n",
 data->erase_to_zero ? 0x00 : 0xff, data->emu_chip_size);
 memset(data->flashchip_contents, data->erase_to_zero ? 0x00 : 0xff, data->emu_chip_size);
@@ -1003,13 +1026,14 @@ int dummy_init(void)
 msg_perr("Unable to read %s\n", data->emu_persistent_image);
 free(data->emu_persistent_image);
 free(data->flashchip_contents);
+ free(data);
 return 1;
 }
 } else {
 msg_pdbg("doesn't match.\n");
 }
 }
-#endif
+#endif /* EMULATE_CHIP */
 
 dummy_init_out:
 if (register_shutdown(dummy_shutdown, data)) {
-- 
cgit v1.2.3
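Review bot: In the new dummy_init prologue, `enum chipbustype dummy_buses_supported;` is declared without an initializer and only becomes defined through init_data's out-parameter. Every success path visible in this patch passes the `*dummy_buses_supported = BUS_NONE;` assignment first, but nothing enforces that if an earlier `return 0` is ever added; declaring it as `enum chipbustype dummy_buses_supported = BUS_NONE;` removes the dependency. Separately, the `EMULATE_NONE` branch added here prints "Not emulating any flash chip." a second time, because init_data already logs the same message before its `return 0` in the -838 hunk; one of the two `msg_pdbg` calls can go. dummy_init continues past the end of this hunk.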
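Review bot: The read-failure path in the -1003 hunk now spells out three frees by hand (`data->emu_persistent_image`, `data->flashchip_contents`, `data`), which is the same pattern that let `free(data)` be forgotten here in the first place. A single cleanup label at the end of dummy_init that releases all three, reached with something like `goto init_err;`, would keep future error paths from missing one; since `data` comes from calloc, freeing members that were never set is harmless. The body of the `if (register_shutdown(dummy_shutdown, data))` branch lies outside the hunk, so it should be checked that it releases the same three allocations.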