[PATCH] common: fix: add NULL checks for xrealloc in make_string

Anton Moryakov ant.v.moryakov at gmail.com
Thu Feb 6 23:01:23 CET 2025


- Check return value of xrealloc for NULL.
- Free allocated memory and return NULL if xrealloc fails.
- Prevent NULL pointer dereference in strlen and strcat.

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>

---
 common/cli_hush.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/common/cli_hush.c b/common/cli_hush.c
index a6a8edce1f..701ceaf080 100644
--- a/common/cli_hush.c
+++ b/common/cli_hush.c
@@ -3626,7 +3626,13 @@ static char *make_string(char **inp, int *nonnull)
 		noeval = 1;
 	for (n = 0; inp[n]; n++) {
 		p = insert_var_value_sub(inp[n], noeval);
-		str = xrealloc(str, (len + strlen(p) + (2 * nonnull[n])));
+		char *new_str = xrealloc(str, (len + strlen(p) + (2 * nonnull[n])));
+		if (!new_str) {
+			free(str);  
+			if (p != inp[n]) free(p);  
+			return NULL;  
+		}
+		str = new_str;
 		if (n) {
 			strcat(str, " ");
 		} else {
-- 
2.30.2



More information about the U-Boot mailing list