From dce629b2f8260010a06ea5a9bd31f5c65f483f3d Mon Sep 17 00:00:00 2001 From: Patrick Georgi Date: Fri, 13 Jan 2017 13:30:54 +0100 Subject: [PATCH] util/cbfstool: avoid memleaks and off-by-ones Change-Id: Iac136a5dfe76f21aa7c0d5ee4e974e50b955403b Signed-off-by: Patrick Georgi Found-by: scan-build 3.8 Reviewed-on: https://review.coreboot.org/18134 Tested-by: build bot (Jenkins) Reviewed-by: Nico Huber --- util/cbfstool/cbfs_image.c | 19 +++++++++++++++++-- util/cbfstool/cbfscomptool.c | 5 +++++ util/cbfstool/fmd.c | 2 +- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/util/cbfstool/cbfs_image.c b/util/cbfstool/cbfs_image.c index e530224fac..1f4b49a48d 100644 --- a/util/cbfstool/cbfs_image.c +++ b/util/cbfstool/cbfs_image.c @@ -1150,13 +1150,22 @@ static int cbfs_payload_make_elf(struct buffer *buff, uint32_t arch) segs[i].len); } else if (segs[i].type == PAYLOAD_SEGMENT_ENTRY) { break; + } else { + ERROR("unknown ELF segment type\n"); + goto out; } + if (!name) { + ERROR("out of memory\n"); + goto out; + } if (elf_writer_add_section(ew, &shdr, &tbuff, name)) { ERROR("Unable to add ELF section: %s\n", name); + free(name); goto out; } + free(name); if (empty_sz != 0) { struct buffer b; @@ -1168,10 +1177,16 @@ static int cbfs_payload_make_elf(struct buffer *buff, uint32_t arch) shdr.sh_addr = segs[i].load_addr + segs[i].len; shdr.sh_size = empty_sz; name = strdup(".empty"); - if (elf_writer_add_section(ew, &shdr, &b, name)) { - ERROR("Unable to add ELF section: %s\n", name); + if (!name) { + ERROR("out of memory\n"); goto out; } + if (elf_writer_add_section(ew, &shdr, &b, name)) { + ERROR("Unable to add ELF section: %s\n", name); + free(name); + goto out; + } + free(name); } } diff --git a/util/cbfstool/cbfscomptool.c b/util/cbfstool/cbfscomptool.c index 9e804860a9..3430809e0d 100644 --- a/util/cbfstool/cbfscomptool.c +++ b/util/cbfstool/cbfscomptool.c @@ -49,6 +49,7 @@ int benchmark() } char *compressed_data = malloc(bufsize); if (!compressed_data) { + free(data); fprintf(stderr, "out of memory\n"); return 1; } @@ -64,6 +65,8 @@ int benchmark() comp_func_ptr comp = compression_function(algo->type); if (comp == NULL) { printf("no handler associated with algorithm\n"); + free(data); + free(compressed_data); return 1; } @@ -80,6 +83,8 @@ int benchmark() bufsize, outsize, t_e.tv_sec - t_s.tv_sec); } + free(data); + free(compressed_data); return 0; } diff --git a/util/cbfstool/fmd.c b/util/cbfstool/fmd.c index afd87015f8..7a289d7743 100644 --- a/util/cbfstool/fmd.c +++ b/util/cbfstool/fmd.c @@ -289,7 +289,7 @@ static void print_with_prefix(const struct flashmap_descriptor *tree, if (tree->list_len) { puts(":"); - char child_prefix[strlen(pre) + 1]; + char child_prefix[strlen(pre) + 2]; strcpy(child_prefix, pre); strcat(child_prefix, "\t"); fmd_foreach_child(each, tree)