Patch set updated for coreboot: util/cbfstool: avoid memleaks and off-by-ones - coreboot-gerrit

10 Feb 2017

Patrick Georgi (pgeorgi@google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/18134
-gerrit
commit a16018d85dbf7ef6605e31e0f2aab18149aac1f7
Author: Patrick Georgi pgeorgi@chromium.org
Date:   Fri Jan 13 13:30:54 2017 +0100
util/cbfstool: avoid memleaks and off-by-ones
Change-Id: Iac136a5dfe76f21aa7c0d5ee4e974e50b955403b
    Signed-off-by: Patrick Georgi pgeorgi@chromium.org
    Found-by: scan-build 3.8
---
 util/cbfstool/cbfs_image.c   | 13 +++++++++++++
 util/cbfstool/cbfscomptool.c |  5 +++++
 util/cbfstool/fmd.c          |  2 +-
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/util/cbfstool/cbfs_image.c b/util/cbfstool/cbfs_image.c
index e530224..ccb92d8 100644
--- a/util/cbfstool/cbfs_image.c
+++ b/util/cbfstool/cbfs_image.c
@@ -1150,13 +1150,22 @@ static int cbfs_payload_make_elf(struct buffer *buff, uint32_t arch)
    			       segs[i].len);
    	} else if (segs[i].type == PAYLOAD_SEGMENT_ENTRY) {
    		break;
+		} else {
+			ERROR("unknown ELF segment type\n");
+			goto out;
    	}
+		if (!name) {
+			ERROR("out of memory\n");
+			goto out;
+		}
if (elf_writer_add_section(ew, &shdr, &tbuff, name)) {
    		ERROR("Unable to add ELF section: %s\n", name);
+			free(name);
    		goto out;
    	}
+		free(name);
if (empty_sz != 0) {
    		struct buffer b;
@@ -1168,10 +1177,14 @@ static int cbfs_payload_make_elf(struct buffer *buff, uint32_t arch)
    		shdr.sh_addr = segs[i].load_addr + segs[i].len;
    		shdr.sh_size = empty_sz;
    		name = strdup(".empty");
+			if (!name)
+				ERROR("out of memory\n");
    		if (elf_writer_add_section(ew, &shdr, &b, name)) {
    			ERROR("Unable to add ELF section: %s\n", name);
+				free(name);
    			goto out;
    		}
+			free(name);
    	}
    }
diff --git a/util/cbfstool/cbfscomptool.c b/util/cbfstool/cbfscomptool.c
index 9e80486..3430809 100644
--- a/util/cbfstool/cbfscomptool.c
+++ b/util/cbfstool/cbfscomptool.c
@@ -49,6 +49,7 @@ int benchmark()
    }
    char *compressed_data = malloc(bufsize);
    if (!compressed_data) {
+		free(data);
    	fprintf(stderr, "out of memory\n");
    	return 1;
    }
@@ -64,6 +65,8 @@ int benchmark()
    	comp_func_ptr comp = compression_function(algo->type);
    	if (comp == NULL) {
    		printf("no handler associated with algorithm\n");
+			free(data);
+			free(compressed_data);
    		return 1;
    	}
@@ -80,6 +83,8 @@ int benchmark()
    		bufsize, outsize,
    		t_e.tv_sec - t_s.tv_sec);
    }
+	free(data);
+	free(compressed_data);
    return 0;
 }
diff --git a/util/cbfstool/fmd.c b/util/cbfstool/fmd.c
index afd8701..7a289d7 100644
--- a/util/cbfstool/fmd.c
+++ b/util/cbfstool/fmd.c
@@ -289,7 +289,7 @@ static void print_with_prefix(const struct flashmap_descriptor *tree,
    if (tree->list_len) {
    	puts(":");
-		char child_prefix[strlen(pre) + 1];
+		char child_prefix[strlen(pre) + 2];
    	strcpy(child_prefix, pre);
    	strcat(child_prefix, "\t");
    	fmd_foreach_child(each, tree)

    