Date: Mon, 21 Dec 2009 04:17:29 -0500 (EST)
From: "Robert P. J. Day"
In-Reply-To: <20091221084559.GQ15126@pengutronix.de>
References: <20091221084559.GQ15126@pengutronix.de>
Subject: Re: possible memory leak in commands/nand.c?
To: Sascha Hauer
Cc: "U-Boot Version 2 (barebox)"

On Mon, 21 Dec 2009, Sascha Hauer wrote:

... snip ...

> Yes, indeed, that's a memory hole here. The following should fix
> this. Thanks for noting.
>
> Sascha
>
>
>
>From 4e4b03cd61808383a98cb1d10a47025e1909e0bd Mon Sep 17 00:00:00 2001
> From: Sascha Hauer
> Date: Mon, 21 Dec 2009 09:41:52 +0100
> Subject: [PATCH] commands/nand.c: Fix memory hole
>
> Signed-off-by: Sascha Hauer
> ---
> commands/nand.c | 22 +++++++++++++++++-----
> 1 files changed, 17 insertions(+), 5 deletions(-)
>
> diff --git a/commands/nand.c b/commands/nand.c > index cbf1058..55b89af 100644 > --- a/commands/nand.c > +++ b/commands/nand.c
> @@ -224,31 +224,37 @@ static struct file_operations nand_bb_ops = { > int dev_add_bb_dev(char *path, const char *name) > { > struct nand_bb *bb; > - int ret; > + int ret = -ENOMEM; > struct stat s; > > bb = xzalloc(sizeof(*bb)); > bb->devname = asprintf("/dev/%s", basename(path)); > + if (!bb->devname) > + goto out1; > + > if (name) > bb->cdev.name = strdup(name); > else > bb->cdev.name = asprintf("%s.bb", basename(path)); > > + if (!bb->cdev.name) > + goto out2; > + > ret = stat(bb->devname, &s); > if (ret) > - goto free_out; > + goto out3; > > bb->raw_size = s.st_size; > > bb->fd = open(bb->devname, O_RDWR); > if (bb->fd < 0) { > ret = -ENODEV; > - goto free_out; > + goto out3; > } > > ret = ioctl(bb->fd, MEMGETINFO, &bb->info); > if (ret) > - goto free_out; > + goto out4; > > nand_bb_calc_size(bb); > bb->cdev.ops = &nand_bb_ops; 
> @@ -258,7 +264,13 @@ int dev_add_bb_dev(char *path, const char *name) > > return 0; > > -free_out: > +out4: > + close(bb->fd); > +out3: > + free(bb->cdev.name); > +out2: > + free(bb->devname); > +out1: > free(bb); > return ret; > }

i'm not sure this required distinguishing between every one of those
cases since the initial space was allocated with xzalloc(),
guaranteeing it would be zero-filled, and freeing a NULL pointer is
supposed to be a no-op. so it would have been simpler to just

	free(bb->devname);	# might be NULL, no problem
	free(bb->cdev.name);	# same here
	free(bb);

but, yes, the above will work.

there's another memory leak i've found, i'll submit a patch for it,
for no other reason than i feel like getting a few patches with my
name on it into the barebox git log. :-)

rday
--

========================================================================
Robert P. J. Day                               Waterloo, Ontario, CANADA

            Linux Consulting, Training and Kernel Pedantry.

Web page:                                          http://crashcourse.ca
Twitter:                                       http://twitter.com/rpjday
========================================================================
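
Review bot: in the first hunk (@@ -224,31 +224,37 @@), the new initialiser `int ret = -ENOMEM;` gives the right return value only because both added NULL checks (`goto out1`, `goto out2`) sit before `ret = stat(bb->devname, &s);` overwrites it. If an allocation check is ever added or moved below that call, the function would jump to the unwind path with a stale `ret`, possibly 0, and report success for a device that was never set up. Setting `ret = -ENOMEM;` inside each failing branch, the way the `open()` branch already sets `ret = -ENODEV;`, keeps the error code tied to the failure that produced it.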
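
Review bot: in the second hunk (@@ -258,7 +264,13 @@), the numbered labels `out4:` to `out1:` do not say what each one releases, so a later failure point can easily be wired to the wrong one and either leak or close an fd that was never opened. Names that describe the action (for example err_close, err_free_name, err_free_devname, err_free_bb) would make each `goto` in the first hunk checkable at a glance. As the reply points out, `bb` comes from `xzalloc()`, so `devname` and `cdev.name` start out NULL; provided `free(NULL)` is a no-op in this tree, `out1` to `out3` could collapse into one label that frees both strings and `bb`, leaving only `close(bb->fd)` needing a label of its own.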