[PATCH 3/3] common/spl: improve error handling in spl_fit
Tom Rini
trini at konsulko.com
Fri Jun 6 22:56:02 CEST 2025
On Fri, Jun 06, 2025 at 10:35:24PM +0300, Mikhail Kshevetskiy wrote:
> This fixes a possible NULL pointer dereference.
> Also, some comments were added about a potential memory leak.
>
> Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevetskiy at iopsys.eu>
> ---
> common/spl/spl_fit.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
> index 783bb84bdb5..438d1ecf124 100644
> --- a/common/spl/spl_fit.c
> +++ b/common/spl/spl_fit.c
> @@ -703,13 +703,29 @@ static int spl_simple_fit_read(struct spl_fit_info *ctx,
> */
> size = get_aligned_image_size(info, size, 0);
> buf = board_spl_fit_buffer_addr(size, size, 1);
> + if (!buf)
> + return -EIO;
>
> count = info->read(info, offset, size, buf);
> + if (!count) {
> + /*
> + * The memory allocated by board_spl_fit_buffer_addr()
> + * should be freed. Unfortunately, we don't know what
> + * memory allocation mechanism was used, so we'll hope
> + * for the best and leave it as is.
> + *
> + * To somewhat reduce memory consumption, one can try
> + * to reuse previously allocated memory as it's done in
> + * board_spl_fit_buffer_addr() from test/image/spl_load.c
> + */
> + return -EIO;
> + }
> +
> ctx->fit = buf;
> debug("fit read offset %lx, size=%lu, dst=%p, count=%lu\n",
> offset, size, buf, count);
>
> - return (count == 0) ? -EIO : 0;
> + return 0;
> }
>
> static int spl_simple_fit_parse(struct spl_fit_info *ctx)
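Review bot: the new `if (!buf)` check returns -EIO, the same code as the read failure a few lines below it, so a caller cannot tell an allocation failure from an I/O error; -ENOMEM would be the more descriptive return at that point. The `if (!count)` test also keeps the old rule that only a zero return from `info->read()` counts as failure, so if that callback can return less than was requested, `ctx->fit` ends up pointing at a partly filled buffer that is handed on as if it were complete; comparing `count` against the expected amount would close that gap. The comment block documents the leak on the error path rather than fixing it, which is worth stating in the commit message as a known limitation.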
Since you have a good comment in here can you please elaborate more in
the commit message, thanks.
--
Tom