[flashrom] [PATCH] Fix flashrom memory leaks

Wed Sep 16 14:48:18 CEST 2009

The pattern of
foo = realloc(foo, size);
causes a memory leak if realloc fails because realloc does not free foo
in case of failure, but foo will be NULL after a failure, so there is no
way to access or free the original foo.

Fix unchecked [mc]alloc return values as well.

Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net>

Index: flashrom-memleak/flash.h
===================================================================

--- flashrom-memleak/flash.h	(Revision 725)
+++ flashrom-memleak/flash.h	(Arbeitskopie)
@@ -323,7 +323,7 @@
 void print_supported_chipsets(void);
 void print_supported_boards(void);
 void print_supported_pcidevs(struct pcidev_status *devs);
-void print_wiki_tables(void);
+int print_wiki_tables(void);
 
 /* board_enable.c */
 void w836xx_ext_enter(uint16_t port);
Index: flashrom-memleak/ft2232_spi.c
===================================================================
--- flashrom-memleak/ft2232_spi.c	(Revision 725)
+++ flashrom-memleak/ft2232_spi.c	(Arbeitskopie)
@@ -193,14 +193,17 @@
 {
 	struct ftdi_context *ftdic = &ftdic_context;
 	static unsigned char *buf = NULL;
+	unsigned char *newbuf = NULL;
 	int i, ret = 0;
 
 	if (writecnt > 65536 || readcnt > 65536)
 		return SPI_INVALID_LENGTH;
 
-	buf = realloc(buf, writecnt + readcnt + 100);
-	if (!buf) {
+	newbuf = realloc(buf, writecnt + readcnt + 100);
+	if (!newbuf) {
 		fprintf(stderr, "Out of memory!\n");
+		free(buf);
+		buf = NULL;
 		exit(1);
 	}
 
Index: flashrom-memleak/flashrom.c
===================================================================
--- flashrom-memleak/flashrom.c	(Revision 725)
+++ flashrom-memleak/flashrom.c	(Arbeitskopie)
@@ -282,9 +282,12 @@
 
 char *strcat_realloc(char *dest, const char *src)
 {
-	dest = realloc(dest, strlen(dest) + strlen(src) + 1);
-	if (!dest)
+	char *newdest = realloc(dest, strlen(dest) + strlen(src) + 1);
+	if (!newdest) {
+		free(dest);
+		fprintf(stderr, "Could not allocate memory!\n");
 		return NULL;
+	}
 	strcat(dest, src);
 	return dest;
 }
@@ -459,6 +462,10 @@
 		printf("Error: No filename specified.\n");
 		return 1;
 	}
+	if (!buf) {
+		fprintf(stderr, "Could not allocate memory!\n");
+		exit(1);
+	}
 	if ((image = fopen(filename, "w")) == NULL) {
 		perror(filename);
 		exit(1);
@@ -829,7 +836,8 @@
 
 #if CONFIG_PRINT_WIKI == 1
 	if (list_supported_wiki) {
-		print_wiki_tables();
+		if (print_wiki_tables())
+			exit(1);
 		exit(0);
 	}
 #endif
@@ -944,6 +952,10 @@
 
 	size = flash->total_size * 1024;
 	buf = (uint8_t *) calloc(size, sizeof(char));
+	if (!buf) {
+		fprintf(stderr, "Could not allocate memory!\n");
+		exit(1);
+	}
 
 	if (erase_it) {
 		if (flash->tested & TEST_BAD_ERASE) {
Index: flashrom-memleak/print_wiki.c
===================================================================
--- flashrom-memleak/print_wiki.c	(Revision 725)
+++ flashrom-memleak/print_wiki.c	(Arbeitskopie)
@@ -353,7 +353,7 @@
 	printf("\n|}\n\n|}\n");
 }
 
-static void wiki_helper(const char *heading, const char *status,
+static int wiki_helper(const char *heading, const char *status,
 			int cols, const struct board_info boards[])
 {
 	int i, j, k, c, boardcount = 0, color = 1, num_notes = 0;
@@ -362,6 +362,10 @@
 	char *notes = calloc(1, 1);
 	char tmp[900 + 1];
 
+	if (!notes) {
+		fprintf(stderr, "Could not allocate memory!\n");
+		return 1;
+	}
 	for (b = boards; b->vendor != NULL; b++)
 		boardcount++;
 
@@ -388,6 +392,10 @@
 			snprintf((char *)&tmp, 900, "<sup>%d</sup> %s<br />\n",
 				 1 + num_notes++, boards_notes[c].note);
 			notes = strcat_realloc(notes, (char *)&tmp);
+			if (!notes) {
+				return 1;
+			}
+
 		} else {
 			printf("\n");
 		}
@@ -404,6 +412,8 @@
 	if (num_notes > 0)
 		printf("\n<small>\n%s</small>\n", notes);
 	free(notes);
+
+	return 0;
 }
 
 static void wiki_helper2(const char *heading, int cols)
@@ -447,16 +457,21 @@
 	printf("\n|}\n\n|}\n");
 }
 
-void print_supported_boards_wiki(void)
+int print_supported_boards_wiki(void)
 {
 	printf("%s", board_intro);
-	wiki_helper("Known good (worked out of the box)", "OK", 3, boards_ok);
+	if (wiki_helper("Known good (worked out of the box)", "OK", 3, boards_ok))
+		return 1;
 	wiki_helper2("Known good (with write-enable code in flashrom)", 3);
-	wiki_helper("Not supported (yet)", "No", 3, boards_bad);
+	if (wiki_helper("Not supported (yet)", "No", 3, boards_bad))
+		return 1;
 
 	printf("%s", laptop_intro);
-	wiki_helper("Known good (worked out of the box)", "OK", 1, laptops_ok);
-	wiki_helper("Not supported (yet)", "No", 1, laptops_bad);
+	if (wiki_helper("Known good (worked out of the box)", "OK", 1, laptops_ok))
+		return 1;
+	if (wiki_helper("Not supported (yet)", "No", 1, laptops_bad))
+		return 1;
+	return 0;
 }
 
 void print_supported_chips_wiki(void)
@@ -524,14 +539,15 @@
 	}
 }
 
-void print_wiki_tables(void)
+int print_wiki_tables(void)
 {
 	time_t t = time(NULL);
 
 	printf(wiki_header, ctime(&t), flashrom_version);
 	print_supported_chips_wiki();
 	print_supported_chipsets_wiki();
-	print_supported_boards_wiki();
+	if (print_supported_boards_wiki())
+		return 1;
 	printf("%s", programmer_section);
 #if NIC3COM_SUPPORT == 1
 	print_supported_pcidevs_wiki(nics_3com);
@@ -543,5 +559,6 @@
 	print_supported_pcidevs_wiki(satas_sii);
 #endif
 	printf("\n|}\n");
+	return 0;
 }
 
Index: flashrom-memleak/print.c
===================================================================
--- flashrom-memleak/print.c	(Revision 725)
+++ flashrom-memleak/print.c	(Arbeitskopie)
@@ -31,25 +31,48 @@
 char *flashbuses_to_text(enum chipbustype bustype)
 {
 	char *ret = calloc(1, 1);
+	if (!ret) {
+		fprintf(stderr, "Could not allocate memory!\n");
+		return NULL;
+	}
 	if (bustype == CHIP_BUSTYPE_UNKNOWN) {
 		ret = strcat_realloc(ret, "Unknown,");
+		if (!ret)
+			return NULL;
 	/*
 	 * FIXME: Once all chipsets and flash chips have been updated, NONSPI
 	 * will cease to exist and should be eliminated here as well.
 	 */
 	} else if (bustype == CHIP_BUSTYPE_NONSPI) {
 		ret = strcat_realloc(ret, "Non-SPI,");
+		if (!ret)
+			return NULL;
 	} else {
-		if (bustype & CHIP_BUSTYPE_PARALLEL)
+		if (bustype & CHIP_BUSTYPE_PARALLEL) {
 			ret = strcat_realloc(ret, "Parallel,");
-		if (bustype & CHIP_BUSTYPE_LPC)
+			if (!ret)
+				return NULL;
+		}
+		if (bustype & CHIP_BUSTYPE_LPC) {
 			ret = strcat_realloc(ret, "LPC,");
-		if (bustype & CHIP_BUSTYPE_FWH)
+			if (!ret)
+				return NULL;
+		}
+		if (bustype & CHIP_BUSTYPE_FWH) {
 			ret = strcat_realloc(ret, "FWH,");
-		if (bustype & CHIP_BUSTYPE_SPI)
+			if (!ret)
+				return NULL;
+		}
+		if (bustype & CHIP_BUSTYPE_SPI) {
 			ret = strcat_realloc(ret, "SPI,");
-		if (bustype == CHIP_BUSTYPE_NONE)
+			if (!ret)
+				return NULL;
+		}
+		if (bustype == CHIP_BUSTYPE_NONE) {
 			ret = strcat_realloc(ret, "None,");
+			if (!ret)
+				return NULL;
+		}
 	}
 	/* Kill last comma. */
 	ret[strlen(ret) - 1] = '\0';


-- 
http://www.hailfinger.org/



