Nico Huber has submitted this change. ( https://review.coreboot.org/c/flashrom/+/59372 )
Change subject: flashrom.c: Validate before allocate in verify_range()
flashrom.c: Validate before allocate in verify_range()
Simplify a goto away for free'ing a buffer by validating before attempting to allocate.
BUG=none
TEST=builds

Change-Id: Iae886f203d1c59ae9a89421f7483a4ec3f747256
Signed-off-by: Edward O'Callaghan quasisec@google.com
Reviewed-on: https://review.coreboot.org/c/flashrom/+/59372
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by: Angel Pons th3fanbus@gmail.com
Reviewed-by: Anastasia Klimchuk aklm@chromium.org
---
M flashrom.c
1 file changed, 8 insertions(+), 10 deletions(-)

Approvals:
  build bot (Jenkins): Verified
  Angel Pons: Looks good to me, but someone else must approve
  Anastasia Klimchuk: Looks good to me, approved
diff --git a/flashrom.c b/flashrom.c index 48d953b..b62d38c 100644 --- a/flashrom.c +++ b/flashrom.c @@ -417,6 +417,13 @@ if (!len) return -1;
+ if (start + len > flash->chip->total_size * 1024) { + msg_gerr("Error: %s called with start 0x%x + len 0x%x >" + " total_size 0x%x\n", __func__, start, len, + flash->chip->total_size * 1024); + return -1; + } + if (!flash->chip->read) { msg_cerr("ERROR: flashrom has no read function for this flash chip.\n"); return -1; @@ -427,17 +434,8 @@ msg_gerr("Could not allocate memory!\n"); return -1; } - int ret = 0;
- if (start + len > flash->chip->total_size * 1024) { - msg_gerr("Error: %s called with start 0x%x + len 0x%x >" - " total_size 0x%x\n", __func__, start, len, - flash->chip->total_size * 1024); - ret = -1; - goto out_free; - } - - ret = flash->chip->read(flash, readbuf, start, len); + int ret = flash->chip->read(flash, readbuf, start, len); if (ret) { msg_gerr("Verification impossible because read failed " "at 0x%x (len 0x%x)\n", start, len);
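Review bot: in the first hunk (@@ -417,6 +417,13 @@), the relocated bounds check `start + len > flash->chip->total_size * 1024` can wrap around if `start` and `len` are 32-bit unsigned values, as the `0x%x` format specifiers suggest. A large `start` combined with a large `len` would then compare as in range and fall through to the allocation and the chip read. Consider computing the chip size once into a local and comparing without the addition, for example rejecting when `start > total` or `len > total - start`. That also removes the second evaluation of `flash->chip->total_size * 1024` in the message arguments. Minor style point: this message is prefixed `Error:` while the neighbouring one below it uses `ERROR:`.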
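Review bot: in the second hunk (@@ -427,17 +434,8 @@), the `goto out_free` is removed, but the visible lines do not show whether the `out_free:` label itself is deleted or is still reached from the remaining error paths, such as the read-failure branch that follows. If nothing jumps to it any more, drop the label so the build does not pick up an unused-label warning. If the read-failure path still uses it, the cleanup there is unchanged and only this one path lost its goto, which is worth a word in the commit message. Separately, `TEST=builds` means the reordered early return was never exercised at run time. A call with an out-of-range `start`/`len` would confirm that it returns -1 before any buffer is allocated.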