[U-Boot] [PATCH 4/8] fdtgrep: Fix logic of free() in do_fdtgrep()

Heinrich Schuchardt xypron.glpk at gmx.de
Sat Jun 9 19:44:13 UTC 2018


On 06/09/2018 08:22 PM, Simon Glass wrote:
> This loop never actually exits, but the way the code is written this is
> not obvious. Add an explicit error check.
> 
> Reported-by: Coverity (CID: 131280)
> 
> Signed-off-by: Simon Glass <sjg at chromium.org>
> ---
> 
>  tools/fdtgrep.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/fdtgrep.c b/tools/fdtgrep.c
> index f2b8b71ed7..c4563e2289 100644
> --- a/tools/fdtgrep.c
> +++ b/tools/fdtgrep.c
> @@ -801,7 +801,7 @@ static int do_fdtgrep(struct display_info *disp, const char *filename)
>  	 * The first pass will count the regions, but if it is too many,
>  	 * we do another pass to actually record them.
>  	 */
> -	for (i = 0; i < 3; i++) {
> +	for (i = 0; i < 2; i++) {
>  		region = malloc(count * sizeof(struct fdt_region));
>  		if (!region) {
>  			fprintf(stderr, "Out of memory for %d regions\n",
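
Review bot: The loop bound in `for (i = 0; i < 2; i++)` drops from 3 to 2 without a word in the commit message, and the subject talks about the logic of free() although neither hunk touches a free() call. Please say in the commit message why two passes are enough (the comment above the loop describes one counting pass and one recording pass) and make the subject match what the patch changes.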

Can't we call fdtgrep_find_regions() with max_regions = 0 and region =
NULL to do the counting and get rid of the loop? That may be a bit
slower but the code will be much easier to read.

> @@ -820,6 +820,8 @@ static int do_fdtgrep(struct display_info *disp, const char *filename)

Have a look at the lines in between:

                if (count < 0) {
                        report_error("fdt_find_regions", count);
                        return -1;
                }

Here a free(region) is missing.

Best regards

Heinrich

>  		if (count <= max_regions)
>  			break;
>  		free(region);
> +		fprintf(stderr, "Internal error with fdtgrep_find_region)(\n");
> +		return -1;
>  	}
>  
>  	/* Optionally print a list of regions */
> 
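
Review bot: The `return -1;` added after `free(region);` at the end of the loop body is unconditional, so whenever the first pass returns count > max_regions the function fails instead of making the second pass that the comment above the loop describes. If the intent is to catch the case where the second pass still does not fit, move the fprintf() and the return to after the loop, or guard them with a check on i. The message text also has its parentheses transposed in "fdtgrep_find_region)(" and the name is missing the final "s" of fdtgrep_find_regions().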