Patrick Georgi (pgeorgi@google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/15958
-gerrit
commit 942fb5e7fc33c8aa7743cf01d55414c8c638cc08 Author: Patrick Georgi pgeorgi@chromium.org Date: Fri Jul 29 16:36:23 2016 +0200
libpayload: fix leak in libcbfs
stage wasn't freed on errors.
Change-Id: I10d2f42f3e484955619addbef2898981f6f90a35 Signed-off-by: Patrick Georgi pgeorgi@chromium.org Found-by: Coverity Scan #1347345 --- payloads/libpayload/libcbfs/cbfs.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/payloads/libpayload/libcbfs/cbfs.c b/payloads/libpayload/libcbfs/cbfs.c
index 38b1ff8..a67fae2 100644
--- a/payloads/libpayload/libcbfs/cbfs.c
+++ b/payloads/libpayload/libcbfs/cbfs.c
@@ -116,8 +116,10 @@ void * cbfs_load_stage(struct cbfs_media *media, const char *name)
 sizeof(struct cbfs_stage), (void *) (uintptr_t) stage->load, stage->len);
- if (!final_size)
- return (void *) -1;
+ if (!final_size) {
+ entry = (void *)-1;
+ goto out;
+ }
memset((void *)((uintptr_t)stage->load + final_size), 0, stage->memlen - final_size);
@@ -127,6 +129,7 @@ void * cbfs_load_stage(struct cbfs_media *media, const char *name)
 entry = stage->entry; // entry = ntohll(stage->entry);
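Review bot: `entry = (void *)-1;` in the new error branch stores a pointer into a variable that the rest of the function treats as an integer: it is assigned from `stage->entry` and cast back with `return (void *) entry;`. The declaration of `entry` is outside the hunk, so this is inferred, but if it is an integer type the assignment is a pointer-to-integer conversion without a cast and will at least draw a warning; `entry = -1;` should yield the same sentinel after the final cast. The same branch rejects only a zero `final_size`; if the decompressed size can exceed `stage->memlen`, the length `stage->memlen - final_size` in the unchanged `memset` would presumably wrap and clear memory well past the stage, so the condition could become `if (!final_size || final_size > stage->memlen) {`. cbfs_load_stage begins before this hunk and continues into the next one.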
+out:
 free(stage);
 return (void *) entry;
 }