[SeaBIOS] [PATCH] Make sure all code checks for malloc failures

Kevin O'Connor kevin at koconnor.net
Tue Jun 30 17:16:20 CEST 2015


This is the result of an audit of callers of the malloc_XXX() and
memalign_XXX() functions.  All callers need to check whether these
functions return NULL.

Signed-off-by: Kevin O'Connor <kevin at koconnor.net>
---
 src/cdrom.c       | 1 -
 src/hw/ahci.c     | 8 ++++++++
 src/hw/megasas.c  | 6 +++++-
 src/hw/ramdisk.c  | 2 +-
 src/hw/usb-xhci.c | 9 ++++++++-
 src/hw/usb.c      | 4 +++-
 6 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/src/cdrom.c b/src/cdrom.c
index 7ee36d9..ba02340 100644
--- a/src/cdrom.c
+++ b/src/cdrom.c
@@ -123,7 +123,6 @@ cdrom_prepboot(void)
     struct drive_s *drive = malloc_fseg(sizeof(*drive));
     if (!drive) {
         warn_noalloc();
-        free(drive);
         return;
     }
     cdemu_drive_gf = drive;
diff --git a/src/hw/ahci.c b/src/hw/ahci.c
index 3193d81..0d71cc4 100644
--- a/src/hw/ahci.c
+++ b/src/hw/ahci.c
@@ -405,6 +405,14 @@ static struct ahci_port_s* ahci_port_realloc(struct ahci_port_s *port)
     port->list = memalign_high(1024, 1024);
     port->fis = memalign_high(256, 256);
     port->cmd = memalign_high(256, 256);
+    if (!port->list || !port->fis || !port->cmd) {
+        warn_noalloc();
+        free(port->list);
+        free(port->fis);
+        free(port->cmd);
+        free(port);
+        return NULL;
+    }
 
     ahci_port_writel(port->ctrl, port->pnr, PORT_LST_ADDR, (u32)port->list);
     ahci_port_writel(port->ctrl, port->pnr, PORT_FIS_ADDR, (u32)port->fis);
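Review bot: The new failure branch frees `port` before returning NULL, and nothing in the hunk tells a caller that the structure it passed in no longer exists. ahci_port_realloc() starts and ends outside the hunk, so whether `port` is still the caller's object at this point cannot be confirmed from here. A header comment such as `// On allocation failure the port and its buffers are freed; callers must not use the old pointer after a NULL return.` would make the ownership rule explicit. The three unconditional `free()` calls also rely on free() accepting a NULL pointer for whichever allocation failed, which is worth stating in the same comment.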
diff --git a/src/hw/megasas.c b/src/hw/megasas.c
index b2a65e4..6677977 100644
--- a/src/hw/megasas.c
+++ b/src/hw/megasas.c
@@ -241,7 +241,10 @@ static void megasas_scan_target(struct pci_device *pci, u32 iobase)
 {
     struct mfi_ld_list_s ld_list;
     struct megasas_cmd_frame *frame = memalign_tmp(256, sizeof(*frame));
-    int i;
+    if (!frame) {
+        warn_noalloc();
+        return;
+    }
 
     memset(&ld_list, 0, sizeof(ld_list));
     memset_fl(frame, 0, sizeof(*frame));
@@ -258,6 +261,7 @@ static void megasas_scan_target(struct pci_device *pci, u32 iobase)
 
     if (megasas_fire_cmd(pci->device, iobase, frame) == 0) {
         dprintf(2, "%d LD found\n", ld_list.count);
+        int i;
         for (i = 0; i < ld_list.count; i++) {
             dprintf(2, "LD %d:%d state 0x%x\n",
                     ld_list.lds[i].target, ld_list.lds[i].lun,
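Review bot: The loop condition `i < ld_list.count` in the second hunk trusts a count that is presumably filled in by the controller through the command fired just above, and `ld_list.lds[i]` is read without comparing `i` to the array's capacity. If `lds` is a fixed-size array (its declaration is outside the hunk), a controller or emulated device reporting a larger count makes this loop read past the stack-allocated `ld_list`. Bounding the condition, e.g. `for (i = 0; i < ld_list.count && i < ARRAY_SIZE(ld_list.lds); i++)`, would close that. The loop body continues past the end of the hunk, so any later use of `count` needs the same check.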
diff --git a/src/hw/ramdisk.c b/src/hw/ramdisk.c
index 1177bc0..6b44c83 100644
--- a/src/hw/ramdisk.c
+++ b/src/hw/ramdisk.c
@@ -7,7 +7,7 @@
 #include "biosvar.h" // GET_GLOBALFLAT
 #include "block.h" // struct drive_s
 #include "bregs.h" // struct bregs
-#include "malloc.h" // malloc_fseg
+#include "malloc.h" // memalign_tmphigh
 #include "memmap.h" // add_e820
 #include "output.h" // dprintf
 #include "romfile.h" // romfile_findprefix
diff --git a/src/hw/usb-xhci.c b/src/hw/usb-xhci.c
index fd58334..41a6a3f 100644
--- a/src/hw/usb-xhci.c
+++ b/src/hw/usb-xhci.c
@@ -921,8 +921,14 @@ xhci_alloc_pipe(struct usbdevice_s *usbdev
     usb_desc2pipe(&pipe->pipe, usbdev, epdesc);
     pipe->epid = epid;
     pipe->reqs.cs = 1;
-    if (eptype == USB_ENDPOINT_XFER_INT)
+    if (eptype == USB_ENDPOINT_XFER_INT) {
         pipe->buf = malloc_high(pipe->pipe.maxpacket);
+        if (!pipe->buf) {
+            warn_noalloc();
+            free(pipe);
+            return NULL;
+        }
+    }
 
     // Allocate input context and initialize endpoint info.
     struct xhci_inctx *in = xhci_alloc_inctx(usbdev, epid);
@@ -988,6 +994,7 @@ xhci_alloc_pipe(struct usbdevice_s *usbdev
     return &pipe->pipe;
 
 fail:
+    free(pipe->buf);
     free(pipe);
     free(in);
     return NULL;
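Review bot: `free(pipe->buf)` under `fail:` now runs for every endpoint type, while `pipe->buf` is assigned only in the `USB_ENDPOINT_XFER_INT` branch of the first hunk. For other endpoint types this is safe only if `pipe` was zero-filled when it was allocated, which happens outside both hunks and should be confirmed; otherwise an indeterminate pointer reaches free(). A short comment at the label, such as `// pipe->buf stays NULL unless this is an interrupt endpoint`, would record that dependency for the next person who edits the allocation code.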
diff --git a/src/hw/usb.c b/src/hw/usb.c
index 1b4ea8b..2d5c224 100644
--- a/src/hw/usb.c
+++ b/src/hw/usb.c
@@ -249,8 +249,10 @@ get_device_config(struct usb_pipe *pipe)
         return NULL;
 
     void *config = malloc_tmphigh(cfg.wTotalLength);
-    if (!config)
+    if (!config) {
+        warn_noalloc();
         return NULL;
+    }
     req.wLength = cfg.wTotalLength;
     ret = usb_send_default_control(pipe, &req, config);
     if (ret) {
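Review bot: `cfg.wTotalLength` appears to come from the descriptor the device returned and is used unchanged as both the allocation size and `req.wLength`; no lower bound is visible in the hunk. Unless the code above already rejects it, a value smaller than the configuration header would leave later parsing of `config` reading beyond the allocation. A guard such as `if (cfg.wTotalLength < sizeof(cfg)) return NULL;` before the malloc_tmphigh() call would cover this. get_device_config() begins and ends outside the hunk.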
-- 
1.9.3



