[coreboot-gerrit] Patch set updated for coreboot: libpayload: fix leak in libcbfs
Patrick Georgi (pgeorgi@google.com)
gerrit at coreboot.org
Fri Jul 29 17:06:13 CEST 2016
Patrick Georgi (pgeorgi at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/15958
-gerrit
commit 3a7dc31183f18f3a8153dc934abb8223d2247b0c
Author: Patrick Georgi <pgeorgi at chromium.org>
Date: Fri Jul 29 16:36:23 2016 +0200
libpayload: fix leak in libcbfs
stage wasn't freed on errors.
Change-Id: I10d2f42f3e484955619addbef2898981f6f90a35
Signed-off-by: Patrick Georgi <pgeorgi at chromium.org>
Found-by: Coverity Scan #1347345
---
payloads/libpayload/libcbfs/cbfs.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/payloads/libpayload/libcbfs/cbfs.c b/payloads/libpayload/libcbfs/cbfs.c
index 38b1ff8..3cce799 100644
--- a/payloads/libpayload/libcbfs/cbfs.c
+++ b/payloads/libpayload/libcbfs/cbfs.c
@@ -116,8 +116,10 @@ void * cbfs_load_stage(struct cbfs_media *media, const char *name)
sizeof(struct cbfs_stage),
(void *) (uintptr_t) stage->load,
stage->len);
- if (!final_size)
- return (void *) -1;
+ if (!final_size) {
+ entry = -1;
+ goto out;
+ }
memset((void *)((uintptr_t)stage->load + final_size), 0,
stage->memlen - final_size);
@@ -127,6 +129,7 @@ void * cbfs_load_stage(struct cbfs_media *media, const char *name)
entry = stage->entry;
// entry = ntohll(stage->entry);
+out:
free(stage);
return (void *) entry;
}
More information about the coreboot-gerrit
mailing list