[coreboot-gerrit] Patch set updated for coreboot: util/cbfstool: avoid memleaks and off-by-ones

[Patrick Georgi (pgeorgi@google.com)]

Patrick Georgi (pgeorgi at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/18134

-gerrit

commit 76e8f149f7caa549fa58b40615371a9c9c6ae994
Author: Patrick Georgi <pgeorgi at chromium.org>
Date:   Fri Jan 13 13:30:54 2017 +0100

    util/cbfstool: avoid memleaks and off-by-ones
    
    Change-Id: Iac136a5dfe76f21aa7c0d5ee4e974e50b955403b
    Signed-off-by: Patrick Georgi <pgeorgi at chromium.org>
    Found-by: scan-build 3.8
---
 util/cbfstool/cbfs_image.c   | 10 ++++++++++
 util/cbfstool/cbfscomptool.c |  5 +++++
 util/cbfstool/fmd.c          |  2 +-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/util/cbfstool/cbfs_image.c b/util/cbfstool/cbfs_image.c
index e530224..00d6bb2 100644
--- a/util/cbfstool/cbfs_image.c
+++ b/util/cbfstool/cbfs_image.c
@@ -1150,13 +1150,19 @@ static int cbfs_payload_make_elf(struct buffer *buff, uint32_t arch)
 				       segs[i].len);
 		} else if (segs[i].type == PAYLOAD_SEGMENT_ENTRY) {
 			break;
+		} else {
+			ERROR("unknown ELF segment type\n");
 		}
 
+		if (!name)
+			ERROR("out of memory\n");
 
 		if (elf_writer_add_section(ew, &shdr, &tbuff, name)) {
 			ERROR("Unable to add ELF section: %s\n", name);
+			free(name);
 			goto out;
 		}
+		free(name);
 
 		if (empty_sz != 0) {
 			struct buffer b;
@@ -1168,10 +1174,14 @@ static int cbfs_payload_make_elf(struct buffer *buff, uint32_t arch)
 			shdr.sh_addr = segs[i].load_addr + segs[i].len;
 			shdr.sh_size = empty_sz;
 			name = strdup(".empty");
+			if (!name)
+				ERROR("out of memory\n");
 			if (elf_writer_add_section(ew, &shdr, &b, name)) {
 				ERROR("Unable to add ELF section: %s\n", name);
+				free(name);
 				goto out;
 			}
+			free(name);
 		}
 	}
 
diff --git a/util/cbfstool/cbfscomptool.c b/util/cbfstool/cbfscomptool.c
index 9e80486..3430809 100644
--- a/util/cbfstool/cbfscomptool.c
+++ b/util/cbfstool/cbfscomptool.c
@@ -49,6 +49,7 @@ int benchmark()
 	}
 	char *compressed_data = malloc(bufsize);
 	if (!compressed_data) {
+		free(data);
 		fprintf(stderr, "out of memory\n");
 		return 1;
 	}
@@ -64,6 +65,8 @@ int benchmark()
 		comp_func_ptr comp = compression_function(algo->type);
 		if (comp == NULL) {
 			printf("no handler associated with algorithm\n");
+			free(data);
+			free(compressed_data);
 			return 1;
 		}
 
@@ -80,6 +83,8 @@ int benchmark()
 			bufsize, outsize,
 			t_e.tv_sec - t_s.tv_sec);
 	}
+	free(data);
+	free(compressed_data);
 	return 0;
 }
 
diff --git a/util/cbfstool/fmd.c b/util/cbfstool/fmd.c
index afd8701..7a289d7 100644
--- a/util/cbfstool/fmd.c
+++ b/util/cbfstool/fmd.c
@@ -289,7 +289,7 @@ static void print_with_prefix(const struct flashmap_descriptor *tree,
 	if (tree->list_len) {
 		puts(":");
 
-		char child_prefix[strlen(pre) + 1];
+		char child_prefix[strlen(pre) + 2];
 		strcpy(child_prefix, pre);
 		strcat(child_prefix, "\t");
 		fmd_foreach_child(each, tree)