[flashrom] [PATCH] fix unchecked malloc calls

Stefan Tauner stefan.tauner at student.tuwien.ac.at
Fri Jul 1 06:05:07 CEST 2011


compile tested only.
btw... why don't we wrap malloc to automatically include these checks?
there is probably a patch somewhere that adds totally awesome shutdown code in OOM cases,
but afaics we just print a warning and exit right now... it is just stupid to do the checks in the real
code then.

Signed-off-by: Stefan Tauner <stefan.tauner at student.tuwien.ac.at>
---
 flashrom.c |   12 ++++++++++++
 hwaccess.c |    4 ++++
 pcidev.c   |    4 ++++
 serial.c   |    2 ++
 4 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/flashrom.c b/flashrom.c
index 12a51ad..a41d0c9 100644
--- a/flashrom.c
+++ b/flashrom.c
@@ -1515,6 +1515,10 @@ int erase_and_write_flash(struct flashchip *flash, uint8_t *oldcontents, uint8_t
 
 	msg_cinfo("Erasing and writing flash chip... ");
 	curcontents = (uint8_t *) malloc(size);
+	if (!curcontents) {
+		msg_gerr("Out of memory!\n");
+		exit(1);
+	}
 	/* Copy oldcontents to curcontents to avoid clobbering oldcontents. */
 	memcpy(curcontents, oldcontents, size);
 
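Review bot: The added `exit(1)` terminates flashrom from inside erase_and_write_flash(), which returns int, so the caller never gets to run its normal error path. The hwaccess.c and pcidev.c hunks show that the tool records undo data for MMIO and PCI register writes; unless those undo handlers also run on exit (not visible here), an out-of-memory exit could leave chipset registers in their modified state. Consider reporting the failure instead, e.g. `msg_gerr("Out of memory!\n"); return 1;`, and letting the caller shut the programmer down. The same applies to the two checks in doit() and, as far as their enclosing functions allow, to the two undo-registration macros. Both function bodies continue outside their hunks.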
@@ -1882,9 +1886,17 @@ int doit(struct flashchip *flash, int force, const char *filename, int read_it,
 	}
 
 	oldcontents = (uint8_t *) malloc(size);
+	if (!oldcontents) {
+		msg_gerr("Out of memory!\n");
+		exit(1);
+	}
 	/* Assume worst case: All bits are 0. */
 	memset(oldcontents, 0x00, size);
 	newcontents = (uint8_t *) malloc(size);
+	if (!newcontents) {
+		msg_gerr("Out of memory!\n");
+		exit(1);
+	}
 	/* Assume best case: All bits should be 1. */
 	memset(newcontents, 0xff, size);
 	/* Side effect of the assumptions above: Default write action is erase
diff --git a/hwaccess.c b/hwaccess.c
index efe8bb0..8c89925 100644
--- a/hwaccess.c
+++ b/hwaccess.c
@@ -226,6 +226,10 @@ int undo_mmio_write(void *p)
 {									\
 	struct undo_mmio_write_data *undo_mmio_write_data;		\
 	undo_mmio_write_data = malloc(sizeof(struct undo_mmio_write_data)); \
+	if (!undo_mmio_write_data) {					\
+		msg_gerr("Out of memory!\n");				\
+		exit(1);						\
+	}								\
 	undo_mmio_write_data->addr = a;					\
 	undo_mmio_write_data->type = mmio_write_type_##c;		\
 	undo_mmio_write_data->c##data = mmio_read##c(a);		\
diff --git a/pcidev.c b/pcidev.c
index 1f9a5cc..d4ad8bc 100644
--- a/pcidev.c
+++ b/pcidev.c
@@ -295,6 +295,10 @@ int undo_pci_write(void *p)
 {									\
 	struct undo_pci_write_data *undo_pci_write_data;		\
 	undo_pci_write_data = malloc(sizeof(struct undo_pci_write_data)); \
+	if (!undo_pci_write_data) {					\
+		msg_gerr("Out of memory!\n");				\
+		exit(1);						\
+	}								\
 	undo_pci_write_data->dev = *a;					\
 	undo_pci_write_data->reg = b;					\
 	undo_pci_write_data->type = pci_write_type_##c;			\
diff --git a/serial.c b/serial.c
index 37ea422..31d76e3 100644
--- a/serial.c
+++ b/serial.c
@@ -110,6 +110,8 @@ fdtype sp_openserport(char *dev, unsigned int baud)
 	    (tolower((unsigned char)dev[1]) == 'o') &&
 	    (tolower((unsigned char)dev[2]) == 'm')) {
 		dev2 = malloc(strlen(dev) + 5);
+		if (!dev2)
+			sp_die("Error: Out of memory");
 		strcpy(dev2, "\\\\.\\");
 		strcpy(dev2 + 4, dev);
 	}
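Review bot: The new check only protects the following `strcpy(dev2, ...)` calls if sp_die() never returns, and its definition is not part of this hunk. If sp_die() could return, the copy would write through a NULL pointer, so a short comment such as `/* sp_die() does not return */` next to the call would make that dependency visible. The body should also be braced like the other checks in this patch: `if (!dev2) { sp_die("Error: Out of memory"); }`. sp_openserport() continues outside the hunk.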
-- 
1.7.1




