Edward O'Callaghan has uploaded this change for review.

View Change

flashrom.c: Validate before allocate in verify_range()

Simplify a goto away for free'ing a buffer by validating
before attempting to allocate.

BUG=none
TEST=builds

Change-Id: Iae886f203d1c59ae9a89421f7483a4ec3f747256
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
---
M flashrom.c
1 file changed, 8 insertions(+), 10 deletions(-)

git pull ssh://review.coreboot.org:29418/flashrom refs/changes/72/59372/1
diff --git a/flashrom.c b/flashrom.c
index 48d953b..b62d38c 100644
--- a/flashrom.c
+++ b/flashrom.c
@@ -417,6 +417,13 @@
if (!len)
return -1;

+ if (start + len > flash->chip->total_size * 1024) {
+ msg_gerr("Error: %s called with start 0x%x + len 0x%x >"
+ " total_size 0x%x\n", __func__, start, len,
+ flash->chip->total_size * 1024);
+ return -1;
+ }
+
if (!flash->chip->read) {
msg_cerr("ERROR: flashrom has no read function for this flash chip.\n");
return -1;
@@ -427,17 +434,8 @@
msg_gerr("Could not allocate memory!\n");
return -1;
}
- int ret = 0;

- if (start + len > flash->chip->total_size * 1024) {
- msg_gerr("Error: %s called with start 0x%x + len 0x%x >"
- " total_size 0x%x\n", __func__, start, len,
- flash->chip->total_size * 1024);
- ret = -1;
- goto out_free;
- }
-
- ret = flash->chip->read(flash, readbuf, start, len);
+ int ret = flash->chip->read(flash, readbuf, start, len);
if (ret) {
msg_gerr("Verification impossible because read failed "
"at 0x%x (len 0x%x)\n", start, len);

To view, visit change 59372. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: flashrom
Gerrit-Branch: master
Gerrit-Change-Id: Iae886f203d1c59ae9a89421f7483a4ec3f747256
Gerrit-Change-Number: 59372
Gerrit-PatchSet: 1
Gerrit-Owner: Edward O'Callaghan <quasisec@chromium.org>
Gerrit-MessageType: newchange