This is the result of an audit of callers of the malloc_XXX() and memalign_XXX() calls. All callers need to check if these functions return NULL.
Signed-off-by: Kevin O'Connor kevin@koconnor.net --- src/cdrom.c | 1 - src/hw/ahci.c | 8 ++++++++ src/hw/megasas.c | 6 +++++- src/hw/ramdisk.c | 2 +- src/hw/usb-xhci.c | 9 ++++++++- src/hw/usb.c | 4 +++- 6 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/src/cdrom.c b/src/cdrom.c
index 7ee36d9..ba02340 100644
--- a/src/cdrom.c
+++ b/src/cdrom.c
@@ -123,7 +123,6 @@ cdrom_prepboot(void)
 struct drive_s *drive = malloc_fseg(sizeof(*drive));
 if (!drive) {
 warn_noalloc();
- free(drive);
 return;
 }
 cdemu_drive_gf = drive;
diff --git a/src/hw/ahci.c b/src/hw/ahci.c
index 3193d81..0d71cc4 100644
--- a/src/hw/ahci.c
+++ b/src/hw/ahci.c
@@ -405,6 +405,14 @@ static struct ahci_port_s* ahci_port_realloc(struct ahci_port_s *port)
 port->list = memalign_high(1024, 1024);
 port->fis = memalign_high(256, 256);
 port->cmd = memalign_high(256, 256);
+ if (!port->list || !port->fis || !port->cmd) {
+ warn_noalloc();
+ free(port->list);
+ free(port->fis);
+ free(port->cmd);
+ free(port);
+ return NULL;
+ }
 ahci_port_writel(port->ctrl, port->pnr, PORT_LST_ADDR, (u32)port->list);
 ahci_port_writel(port->ctrl, port->pnr, PORT_FIS_ADDR, (u32)port->fis);
diff --git a/src/hw/megasas.c b/src/hw/megasas.c
index b2a65e4..6677977 100644
--- a/src/hw/megasas.c
+++ b/src/hw/megasas.c
@@ -241,7 +241,10 @@ static void megasas_scan_target(struct pci_device *pci, u32 iobase)
 {
 struct mfi_ld_list_s ld_list;
 struct megasas_cmd_frame *frame = memalign_tmp(256, sizeof(*frame));
- int i;
+ if (!frame) {
+ warn_noalloc();
+ return;
+ }
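Review bot: On the new failure path in ahci_port_realloc the function frees `port` itself and returns NULL, so the caller's pointer is dangling after a failed call, and nothing in the hunk documents that ownership transfer. I would add a comment above the check such as `// On allocation failure 'port' is freed here; callers must not use it after a NULL return`. The early return also skips the PORT_LST_ADDR and PORT_FIS_ADDR writes that follow. If the controller still holds addresses of buffers released earlier in the function (outside the hunk, so this cannot be confirmed here), the device may be left pointing at freed memory, so it is worth checking that the port is stopped or reset before this point. The function body starts and ends outside the hunk.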
 memset(&ld_list, 0, sizeof(ld_list));
 memset_fl(frame, 0, sizeof(*frame));
@@ -258,6 +261,7 @@ static void megasas_scan_target(struct pci_device *pci, u32 iobase)
 if (megasas_fire_cmd(pci->device, iobase, frame) == 0) {
 dprintf(2, "%d LD found\n", ld_list.count);
+ int i;
 for (i = 0; i < ld_list.count; i++) {
 dprintf(2, "LD %d:%d state 0x%x\n", ld_list.lds[i].target, ld_list.lds[i].lun,
diff --git a/src/hw/ramdisk.c b/src/hw/ramdisk.c
index 1177bc0..6b44c83 100644
--- a/src/hw/ramdisk.c
+++ b/src/hw/ramdisk.c
@@ -7,7 +7,7 @@
 #include "biosvar.h" // GET_GLOBALFLAT
 #include "block.h" // struct drive_s
 #include "bregs.h" // struct bregs
-#include "malloc.h" // malloc_fseg
+#include "malloc.h" // memalign_tmphigh
 #include "memmap.h" // add_e820
 #include "output.h" // dprintf
 #include "romfile.h" // romfile_findprefix
diff --git a/src/hw/usb-xhci.c b/src/hw/usb-xhci.c
index fd58334..41a6a3f 100644
--- a/src/hw/usb-xhci.c
+++ b/src/hw/usb-xhci.c
@@ -921,8 +921,14 @@ xhci_alloc_pipe(struct usbdevice_s *usbdev
 usb_desc2pipe(&pipe->pipe, usbdev, epdesc);
 pipe->epid = epid;
 pipe->reqs.cs = 1;
- if (eptype == USB_ENDPOINT_XFER_INT)
+ if (eptype == USB_ENDPOINT_XFER_INT) {
 pipe->buf = malloc_high(pipe->pipe.maxpacket);
+ if (!pipe->buf) {
+ warn_noalloc();
+ free(pipe);
+ return NULL;
+ }
+ }
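Review bot: The loop bound `ld_list.count` indexes `ld_list.lds[i]` without a clamp, and the count appears to be filled in by the controller through megasas_fire_cmd(), so a misbehaving device could drive the index past the end of `lds` in the stack-allocated `ld_list`. Since this commit is already hardening the function, I would bound the loop, e.g. `for (i = 0; i < ld_list.count && i < ARRAY_SIZE(ld_list.lds); i++) {`, assuming `lds` is a fixed-size array (its declaration is not in the hunk). The early return on a NULL `frame` in the first megasas hunk looks fine. The loop body continues outside the hunk.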
 // Allocate input context and initialize endpoint info.
 struct xhci_inctx *in = xhci_alloc_inctx(usbdev, epid);
@@ -988,6 +994,7 @@ xhci_alloc_pipe(struct usbdevice_s *usbdev
 return &pipe->pipe;
 fail:
+ free(pipe->buf);
 free(pipe);
 free(in);
 return NULL;
diff --git a/src/hw/usb.c b/src/hw/usb.c
index 1b4ea8b..2d5c224 100644
--- a/src/hw/usb.c
+++ b/src/hw/usb.c
@@ -249,8 +249,10 @@ get_device_config(struct usb_pipe *pipe)
 return NULL;
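Review bot: The new `free(pipe->buf)` under `fail:` runs for every endpoint type, while the first xhci hunk assigns `pipe->buf` only for USB_ENDPOINT_XFER_INT, so it is safe only if `pipe` is zero-filled when allocated and free() ignores NULL; neither is visible here. It also dereferences `pipe`, which the old `free(pipe); free(in);` pair did not, so every `goto fail` must be reached with a non-NULL `pipe`. I would add a comment at the label, e.g. `// pipe is non-NULL and zeroed at allocation; pipe->buf is NULL unless this is an interrupt endpoint`, after confirming both against the allocation near the top of xhci_alloc_pipe, which is outside the hunk.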
 void *config = malloc_tmphigh(cfg.wTotalLength);
- if (!config)
+ if (!config) {
+ warn_noalloc();
 return NULL;
+ }
 req.wLength = cfg.wTotalLength;
 ret = usb_send_default_control(pipe, &req, config);
 if (ret) {
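Review bot: `cfg.wTotalLength` is used as both the allocation size and the transfer length with no lower bound, and it presumably comes from the device's configuration descriptor fetched just above the hunk. A device that reports a length smaller than the descriptor header would produce a buffer shorter than the header whose fields callers then read. I would reject that before allocating: `if (cfg.wTotalLength < sizeof(cfg)) return NULL;`. The function starts and ends outside the hunk, so whether a later check already covers this cannot be seen from here.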
On Tue, Jun 30, 2015 at 11:16:20AM -0400, Kevin O'Connor wrote:
This is the result of an audit of callers of the malloc_XXX() and memalign_XXX() calls. All callers need to check if these functions return NULL.
FYI, this patch was committed.
-Kevin