Thomas Heijligen has submitted this change. ( https://review.coreboot.org/c/flashrom/+/73041 )
Change subject: erasure_layout.c: Test erasefn_count before using it to allocate memory ......................................................................
erasure_layout.c: Test erasefn_count before using it to allocate memory
In erasure_layout.c:create_erase_layout() the layout is allocated based on erasefn_count, but calling calloc with 0 is unspecified behavior. Also, the allocation is not freed when erasefn_count is 0. So test first whether erasefn_count is 0, and allocate the memory for *layout only when it is not.
Reported by Coverty Scan: *** CID 1505171: Resource leaks (RESOURCE_LEAK) /erasure_layout.c: 105 in create_erase_layout() 98 if(!layout) { 99 msg_gerr("Out of memory!\n"); 100 return -1; 101 } 102 103 if (!erasefn_count) { 104 msg_gerr("No erase functions supported\n");
CID 1505171: Resource leaks (RESOURCE_LEAK) Variable "layout" going out of scope leaks the storage it points to.
105 return 0; 106 }
Change-Id: If13b050ac8525fee44d3f3bf74a9c9b6a8d38399 Signed-off-by: Thomas Heijligen thomas.heijligen@secunet.com Reviewed-on: https://review.coreboot.org/c/flashrom/+/73041 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Anastasia Klimchuk aklm@chromium.org --- M erasure_layout.c 1 file changed, 40 insertions(+), 7 deletions(-)
Approvals: build bot (Jenkins): Verified Anastasia Klimchuk: Looks good to me, approved
diff --git a/erasure_layout.c b/erasure_layout.c
index 05376de..2097b33 100644
--- a/erasure_layout.c
+++ b/erasure_layout.c
@@ -93,18 +93,17 @@
 {
 const struct flashchip *chip = flashctx->chip;
 const size_t erasefn_count = count_usable_erasers(flashctx);
- struct erase_layout *layout = calloc(erasefn_count, sizeof(struct erase_layout));
-
- if (!layout) {
- msg_gerr("Out of memory!\n");
- return -1;
- }
-
 if (!erasefn_count) {
 msg_gerr("No erase functions supported\n");
 return 0;
 }

+ struct erase_layout *layout = calloc(erasefn_count, sizeof(struct erase_layout));
+ if (!layout) {
+ msg_gerr("Out of memory!\n");
+ return -1;
+ }
+
 size_t layout_idx = 0;
 for (size_t eraser_idx = 0; eraser_idx < NUM_ERASEFUNCTIONS; eraser_idx++) {
 if (check_block_eraser(flashctx, eraser_idx, 0))
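Review bot: The early `return 0;` in the `if (!erasefn_count)` branch now runs before `layout` exists, and nothing visible in the hunk gives the caller a defined layout pointer on that path. create_erase_layout()'s signature and tail are outside the hunk, so this is inferred: if the layout is handed back through an output parameter, a caller that tests or frees that pointer after a 0 return would be reading an indeterminate value. Storing NULL through the output parameter before `return 0;`, or documenting above the branch that `/* 0 means no layout was allocated; the caller's pointer is not written */`, would make the contract explicit. The same branch logs through msg_gerr() yet returns 0 while the allocation failure returns -1, so it is worth confirming that callers treat 0 as a failure.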