[PATCH] boot: fix memory leak in bootmeth-uclass.c

ant.v.moryakov at gmail.com ant.v.moryakov at gmail.com
Fri May 16 13:54:29 CEST 2025 

From: Anton Moryakov <ant.v.moryakov at gmail.com>

The static analyzer (Svace) reported a memory leak in bootmeth_setup_iter_order():
Dynamic memory referenced by 'order' was allocated by calloc() at bootmeth-uclass.c:113
but could be lost when returning error codes.

This fix:
1. Adds proper error handling with goto/cleanup pattern
2. Frees allocated 'order' before returning error codes
3. Maintains all existing functionality

Identified issues fixed:
- Memory leak on !include_global (-EPERM)
- Memory leak on empty method list (-ENOENT)
- Memory leak on allocation failure (-ENOMEM)

Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
---
 boot/bootmeth-uclass.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/boot/bootmeth-uclass.c b/boot/bootmeth-uclass.c
index 014b7588e8d..b3870ba5364 100644
--- a/boot/bootmeth-uclass.c
+++ b/boot/bootmeth-uclass.c
@@ -135,8 +135,10 @@ int bootmeth_setup_iter_order(struct bootflow_iter *iter, bool include_global)
 		 * We don't support skipping global bootmeths. Instead, the user
 		 * should omit them from the ordering
 		 */
-		if (!include_global)
-			return log_msg_ret("glob", -EPERM);
+		if (!include_global) {
+			ret = log_msg_ret("glob", -EPERM);
+			goto err;
+		} 
 		memcpy(order, std->bootmeth_order,
 		       count * sizeof(struct bootmeth *));
 
@@ -190,9 +192,10 @@ int bootmeth_setup_iter_order(struct bootflow_iter *iter, bool include_global)
 		}
 		count = upto;
 	}
-	if (!count)
-		return log_msg_ret("count2", -ENOENT);
-
+    if (!count) {
+        ret = log_msg_ret("count2", -ENOENT);
+        goto err;
+    }
 	if (IS_ENABLED(CONFIG_BOOTMETH_GLOBAL) && include_global &&
 	    iter->first_glob_method != -1 && iter->first_glob_method != count) {
 		iter->cur_method = iter->first_glob_method;
@@ -202,6 +205,10 @@ int bootmeth_setup_iter_order(struct bootflow_iter *iter, bool include_global)
 	iter->num_methods = count;
 
 	return 0;
+
+err:
+    free(order);
+    return ret;
 }
 
 int bootmeth_set_order(const char *order_str)
-- 
2.30.2

More information about the U-Boot mailing list