[coreboot-gerrit] New patch to review for coreboot: util/cbfstool: avoid memleaks and off-by-ones

Patrick Georgi (pgeorgi@google.com) gerrit at coreboot.org
Fri Jan 13 13:31:38 CET 2017 

Patrick Georgi (pgeorgi at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/18134

-gerrit

commit 615d332d1039026e6e3c9edd7972bea8d7d93eee
Author: Patrick Georgi <pgeorgi at chromium.org>
Date:   Fri Jan 13 13:30:54 2017 +0100

    util/cbfstool: avoid memleaks and off-by-ones
    
    Change-Id: Iac136a5dfe76f21aa7c0d5ee4e974e50b955403b
    Signed-off-by: Patrick Georgi <pgeorgi at chromium.org>
    Found-by: scan-build 3.8
---
 util/cbfstool/cbfs_image.c   | 6 ++++++
 util/cbfstool/cbfscomptool.c | 5 +++++
 util/cbfstool/fmd.c          | 2 +-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/util/cbfstool/cbfs_image.c b/util/cbfstool/cbfs_image.c
index e530224..da0335e 100644
--- a/util/cbfstool/cbfs_image.c
+++ b/util/cbfstool/cbfs_image.c
@@ -1149,14 +1149,18 @@ static int cbfs_payload_make_elf(struct buffer *buff, uint32_t arch)
 			buffer_splice(&tbuff, buff, segs[i].offset,
 				       segs[i].len);
 		} else if (segs[i].type == PAYLOAD_SEGMENT_ENTRY) {
+			if (name) free(name);
 			break;
 		}
 
 
 		if (elf_writer_add_section(ew, &shdr, &tbuff, name)) {
 			ERROR("Unable to add ELF section: %s\n", name);
+			if (name) free(name);
 			goto out;
 		}
+		if (name) free(name);
+		name = NULL;
 
 		if (empty_sz != 0) {
 			struct buffer b;
@@ -1170,8 +1174,10 @@ static int cbfs_payload_make_elf(struct buffer *buff, uint32_t arch)
 			name = strdup(".empty");
 			if (elf_writer_add_section(ew, &shdr, &b, name)) {
 				ERROR("Unable to add ELF section: %s\n", name);
+				if (name) free(name);
 				goto out;
 			}
+			if (name) free(name);
 		}
 	}
 
diff --git a/util/cbfstool/cbfscomptool.c b/util/cbfstool/cbfscomptool.c
index 1aa1699..b7a4b1b 100644
--- a/util/cbfstool/cbfscomptool.c
+++ b/util/cbfstool/cbfscomptool.c
@@ -49,6 +49,7 @@ int benchmark()
 	}
 	char *compressed_data = malloc(bufsize);
 	if (!compressed_data) {
+		free(data);
 		fprintf(stderr, "out of memory\n");
 		return 1;
 	}
@@ -64,6 +65,8 @@ int benchmark()
 		comp_func_ptr comp = compression_function(algo->type);
 		if (comp == NULL) {
 			printf("no handler associated with algorithm\n");
+			free(data);
+			free(compressed_data);
 			return 1;
 		}
 
@@ -80,6 +83,8 @@ int benchmark()
 			bufsize, outsize,
 			t_e.tv_sec - t_s.tv_sec);
 	}
+	free(data);
+	free(compressed_data);
 	return 0;
 }
 
diff --git a/util/cbfstool/fmd.c b/util/cbfstool/fmd.c
index afd8701..7a289d7 100644
--- a/util/cbfstool/fmd.c
+++ b/util/cbfstool/fmd.c
@@ -289,7 +289,7 @@ static void print_with_prefix(const struct flashmap_descriptor *tree,
 	if (tree->list_len) {
 		puts(":");
 
-		char child_prefix[strlen(pre) + 1];
+		char child_prefix[strlen(pre) + 2];
 		strcpy(child_prefix, pre);
 		strcat(child_prefix, "\t");
 		fmd_foreach_child(each, tree)

More information about the coreboot-gerrit mailing list