Re: [PATCHv3] cmd/gpt: Address error cases during gpt rename more correctly
On Tue, Jan 21, 2020 at 11:53:38AM -0500, Tom Rini wrote:
> New analysis by the tool has shown that we have some cases where we
> weren't handling the error exit condition correctly. When we ran into
> the ENOMEM case we wouldn't exit the function and thus incorrect things
> could happen. Rework the unwinding such that we don't need a helper
> function now and free what we may have allocated.
>
> Fixes: 18030d04d25d ("GPT: fix memory leaks identified by Coverity")
> Reported-by: Coverity (CID: 275475, 275476)
> Cc: Alison Chaiken
> Cc: Simon Goldschmidt
> Cc: Jordy
> Signed-off-by: Tom Rini
> Reviewed-by: Simon Goldschmidt
Applied to u-boot/master, thanks!
--
Tom
signature.asc
Description: PGP signature
Re: [PATCHv3] cmd/gpt: Address error cases during gpt rename more correctly
Just caught up with all the patches and the final one indeed looks good to me
too!
Kind Regards,
Jordy
> On January 22, 2020 2:20 AM Simon Goldschmidt
> wrote:
>
>
> On Tue, Jan 21, 2020 at 5:53 PM Tom Rini wrote:
> >
> > New analysis by the tool has shown that we have some cases where we
> > weren't handling the error exit condition correctly. When we ran into
> > the ENOMEM case we wouldn't exit the function and thus incorrect things
> > could happen. Rework the unwinding such that we don't need a helper
> > function now and free what we may have allocated.
> >
> > Fixes: 18030d04d25d ("GPT: fix memory leaks identified by Coverity")
> > Reported-by: Coverity (CID: 275475, 275476)
> > Cc: Alison Chaiken
> > Cc: Simon Goldschmidt
> > Cc: Jordy
> > Signed-off-by: Tom Rini
>
> Looks good to me.
>
> Reviewed-by: Simon Goldschmidt
>
> > ---
> > Changes in v3:
> > - Move del_gpt_info() call into the unwind as set_gpt_info() will have
> > been called at that point and we need to clear it. (Simon)
> > Changes in v2:
> > - Initialize str_disk_guid to NULL to be sure we can test that it has
> > been set later on (Simon, Jordy).
> > ---
> > cmd/gpt.c | 47 ---
> > 1 file changed, 12 insertions(+), 35 deletions(-)
> >
> > diff --git a/cmd/gpt.c b/cmd/gpt.c
> > index 0c4349f4b249..964702bad43e 100644
> > --- a/cmd/gpt.c
> > +++ b/cmd/gpt.c
> > @@ -633,21 +633,6 @@ static int do_disk_guid(struct blk_desc *dev_desc,
> > char * const namestr)
> > }
> >
> > #ifdef CONFIG_CMD_GPT_RENAME
> > -/*
> > - * There are 3 malloc() calls in set_gpt_info() and there is no info about
> > which
> > - * failed.
> > - */
> > -static void set_gpt_cleanup(char **str_disk_guid,
> > - disk_partition_t **partitions)
> > -{
> > -#ifdef CONFIG_RANDOM_UUID
> > - if (str_disk_guid)
> > - free(str_disk_guid);
> > -#endif
> > - if (partitions)
> > - free(partitions);
> > -}
> > -
> > static int do_rename_gpt_parts(struct blk_desc *dev_desc, char *subcomm,
> >char *name1, char *name2)
> > {
> > @@ -655,7 +640,7 @@ static int do_rename_gpt_parts(struct blk_desc
> > *dev_desc, char *subcomm,
> > struct disk_part *curr;
> > disk_partition_t *new_partitions = NULL;
> > char disk_guid[UUID_STR_LEN + 1];
> > - char *partitions_list, *str_disk_guid;
> > + char *partitions_list, *str_disk_guid = NULL;
> > u8 part_count = 0;
> > int partlistlen, ret, numparts = 0, partnum, i = 1, ctr1 = 0, ctr2
> > = 0;
> >
> > @@ -697,14 +682,8 @@ static int do_rename_gpt_parts(struct blk_desc
> > *dev_desc, char *subcomm,
> > /* set_gpt_info allocates new_partitions and str_disk_guid */
> > ret = set_gpt_info(dev_desc, partitions_list, &str_disk_guid,
> >&new_partitions, &part_count);
> > - if (ret < 0) {
> > - del_gpt_info();
> > - free(partitions_list);
> > - if (ret == -ENOMEM)
> > - set_gpt_cleanup(&str_disk_guid, &new_partitions);
> > - else
> > - goto out;
> > - }
> > + if (ret < 0)
> > + goto out;
> >
> > if (!strcmp(subcomm, "swap")) {
> > if ((strlen(name1) > PART_NAME_LEN) || (strlen(name2) >
> > PART_NAME_LEN)) {
> > @@ -766,14 +745,8 @@ static int do_rename_gpt_parts(struct blk_desc
> > *dev_desc, char *subcomm,
> > * Even though valid pointers are here passed into set_gpt_info(),
> > * it mallocs again, and there's no way to tell which failed.
> > */
> > - if (ret < 0) {
> > - del_gpt_info();
> > - free(partitions_list);
> > - if (ret == -ENOMEM)
> > - set_gpt_cleanup(&str_disk_guid, &new_partitions);
> > - else
> > - goto out;
> > - }
> > + if (ret < 0)
> > + goto out;
> >
> > debug("Writing new partition table\n");
> > ret = gpt_restore(dev_desc, disk_guid, new_partitions, numparts);
> > @@ -795,10 +768,14 @@ static int do_rename_gpt_parts(struct blk_desc
> > *dev_desc, char *subcomm,
> > }
> > printf("new partition table with %d partitions is:\n", numparts);
> > print_gpt_info();
> > - del_gpt_info();
> > out:
> > - free(new_partitions);
> > - free(str_disk_guid);
> > + del_gpt_info();
> > +#ifdef CONFIG_RANDOM_UUID
> > + if (str_disk_guid)
> > + free(str_disk_guid);
> > +#endif
> > + if (new_partitions)
> > + free(new_partitions);
> > free(partitions_list);
> > return ret;
> > }
> > --
> > 2.17.1
> >
Re: [PATCHv3] cmd/gpt: Address error cases during gpt rename more correctly
On Tue, Jan 21, 2020 at 5:53 PM Tom Rini wrote:
>
> New analysis by the tool has shown that we have some cases where we
> weren't handling the error exit condition correctly. When we ran into
> the ENOMEM case we wouldn't exit the function and thus incorrect things
> could happen. Rework the unwinding such that we don't need a helper
> function now and free what we may have allocated.
>
> Fixes: 18030d04d25d ("GPT: fix memory leaks identified by Coverity")
> Reported-by: Coverity (CID: 275475, 275476)
> Cc: Alison Chaiken
> Cc: Simon Goldschmidt
> Cc: Jordy
> Signed-off-by: Tom Rini
Looks good to me.
Reviewed-by: Simon Goldschmidt
> ---
> Changes in v3:
> - Move del_gpt_info() call into the unwind as set_gpt_info() will have
> been called at that point and we need to clear it. (Simon)
> Changes in v2:
> - Initialize str_disk_guid to NULL to be sure we can test that it has
> been set later on (Simon, Jordy).
> ---
> cmd/gpt.c | 47 ---
> 1 file changed, 12 insertions(+), 35 deletions(-)
>
> diff --git a/cmd/gpt.c b/cmd/gpt.c
> index 0c4349f4b249..964702bad43e 100644
> --- a/cmd/gpt.c
> +++ b/cmd/gpt.c
> @@ -633,21 +633,6 @@ static int do_disk_guid(struct blk_desc *dev_desc, char
> * const namestr)
> }
>
> #ifdef CONFIG_CMD_GPT_RENAME
> -/*
> - * There are 3 malloc() calls in set_gpt_info() and there is no info about
> which
> - * failed.
> - */
> -static void set_gpt_cleanup(char **str_disk_guid,
> - disk_partition_t **partitions)
> -{
> -#ifdef CONFIG_RANDOM_UUID
> - if (str_disk_guid)
> - free(str_disk_guid);
> -#endif
> - if (partitions)
> - free(partitions);
> -}
> -
> static int do_rename_gpt_parts(struct blk_desc *dev_desc, char *subcomm,
>char *name1, char *name2)
> {
> @@ -655,7 +640,7 @@ static int do_rename_gpt_parts(struct blk_desc *dev_desc,
> char *subcomm,
> struct disk_part *curr;
> disk_partition_t *new_partitions = NULL;
> char disk_guid[UUID_STR_LEN + 1];
> - char *partitions_list, *str_disk_guid;
> + char *partitions_list, *str_disk_guid = NULL;
> u8 part_count = 0;
> int partlistlen, ret, numparts = 0, partnum, i = 1, ctr1 = 0, ctr2 =
> 0;
>
> @@ -697,14 +682,8 @@ static int do_rename_gpt_parts(struct blk_desc
> *dev_desc, char *subcomm,
> /* set_gpt_info allocates new_partitions and str_disk_guid */
> ret = set_gpt_info(dev_desc, partitions_list, &str_disk_guid,
>&new_partitions, &part_count);
> - if (ret < 0) {
> - del_gpt_info();
> - free(partitions_list);
> - if (ret == -ENOMEM)
> - set_gpt_cleanup(&str_disk_guid, &new_partitions);
> - else
> - goto out;
> - }
> + if (ret < 0)
> + goto out;
>
> if (!strcmp(subcomm, "swap")) {
> if ((strlen(name1) > PART_NAME_LEN) || (strlen(name2) >
> PART_NAME_LEN)) {
> @@ -766,14 +745,8 @@ static int do_rename_gpt_parts(struct blk_desc
> *dev_desc, char *subcomm,
> * Even though valid pointers are here passed into set_gpt_info(),
> * it mallocs again, and there's no way to tell which failed.
> */
> - if (ret < 0) {
> - del_gpt_info();
> - free(partitions_list);
> - if (ret == -ENOMEM)
> - set_gpt_cleanup(&str_disk_guid, &new_partitions);
> - else
> - goto out;
> - }
> + if (ret < 0)
> + goto out;
>
> debug("Writing new partition table\n");
> ret = gpt_restore(dev_desc, disk_guid, new_partitions, numparts);
> @@ -795,10 +768,14 @@ static int do_rename_gpt_parts(struct blk_desc
> *dev_desc, char *subcomm,
> }
> printf("new partition table with %d partitions is:\n", numparts);
> print_gpt_info();
> - del_gpt_info();
> out:
> - free(new_partitions);
> - free(str_disk_guid);
> + del_gpt_info();
> +#ifdef CONFIG_RANDOM_UUID
> + if (str_disk_guid)
> + free(str_disk_guid);
> +#endif
> + if (new_partitions)
> + free(new_partitions);
> free(partitions_list);
> return ret;
> }
> --
> 2.17.1
>
[PATCHv3] cmd/gpt: Address error cases during gpt rename more correctly
New analysis by the tool has shown that we have some cases where we
weren't handling the error exit condition correctly. When we ran into
the ENOMEM case we wouldn't exit the function and thus incorrect things
could happen. Rework the unwinding such that we don't need a helper
function now and free what we may have allocated.
Fixes: 18030d04d25d ("GPT: fix memory leaks identified by Coverity")
Reported-by: Coverity (CID: 275475, 275476)
Cc: Alison Chaiken
Cc: Simon Goldschmidt
Cc: Jordy
Signed-off-by: Tom Rini
---
Changes in v3:
- Move del_gpt_info() call into the unwind as set_gpt_info() will have
been called at that point and we need to clear it. (Simon)
Changes in v2:
- Initialize str_disk_guid to NULL to be sure we can test that it has
been set later on (Simon, Jordy).
---
cmd/gpt.c | 47 ---
1 file changed, 12 insertions(+), 35 deletions(-)
diff --git a/cmd/gpt.c b/cmd/gpt.c
index 0c4349f4b249..964702bad43e 100644
--- a/cmd/gpt.c
+++ b/cmd/gpt.c
@@ -633,21 +633,6 @@ static int do_disk_guid(struct blk_desc *dev_desc, char *
const namestr)
}
#ifdef CONFIG_CMD_GPT_RENAME
-/*
- * There are 3 malloc() calls in set_gpt_info() and there is no info about
which
- * failed.
- */
-static void set_gpt_cleanup(char **str_disk_guid,
- disk_partition_t **partitions)
-{
-#ifdef CONFIG_RANDOM_UUID
- if (str_disk_guid)
- free(str_disk_guid);
-#endif
- if (partitions)
- free(partitions);
-}
-
static int do_rename_gpt_parts(struct blk_desc *dev_desc, char *subcomm,
char *name1, char *name2)
{
@@ -655,7 +640,7 @@ static int do_rename_gpt_parts(struct blk_desc *dev_desc,
char *subcomm,
struct disk_part *curr;
disk_partition_t *new_partitions = NULL;
char disk_guid[UUID_STR_LEN + 1];
- char *partitions_list, *str_disk_guid;
+ char *partitions_list, *str_disk_guid = NULL;
u8 part_count = 0;
int partlistlen, ret, numparts = 0, partnum, i = 1, ctr1 = 0, ctr2 = 0;
@@ -697,14 +682,8 @@ static int do_rename_gpt_parts(struct blk_desc *dev_desc,
char *subcomm,
/* set_gpt_info allocates new_partitions and str_disk_guid */
ret = set_gpt_info(dev_desc, partitions_list, &str_disk_guid,
&new_partitions, &part_count);
- if (ret < 0) {
- del_gpt_info();
- free(partitions_list);
- if (ret == -ENOMEM)
- set_gpt_cleanup(&str_disk_guid, &new_partitions);
- else
- goto out;
- }
+ if (ret < 0)
+ goto out;
if (!strcmp(subcomm, "swap")) {
if ((strlen(name1) > PART_NAME_LEN) || (strlen(name2) >
PART_NAME_LEN)) {
@@ -766,14 +745,8 @@ static int do_rename_gpt_parts(struct blk_desc *dev_desc,
char *subcomm,
* Even though valid pointers are here passed into set_gpt_info(),
* it mallocs again, and there's no way to tell which failed.
*/
- if (ret < 0) {
- del_gpt_info();
- free(partitions_list);
- if (ret == -ENOMEM)
- set_gpt_cleanup(&str_disk_guid, &new_partitions);
- else
- goto out;
- }
+ if (ret < 0)
+ goto out;
debug("Writing new partition table\n");
ret = gpt_restore(dev_desc, disk_guid, new_partitions, numparts);
@@ -795,10 +768,14 @@ static int do_rename_gpt_parts(struct blk_desc *dev_desc,
char *subcomm,
}
printf("new partition table with %d partitions is:\n", numparts);
print_gpt_info();
- del_gpt_info();
out:
- free(new_partitions);
- free(str_disk_guid);
+ del_gpt_info();
+#ifdef CONFIG_RANDOM_UUID
+ if (str_disk_guid)
+ free(str_disk_guid);
+#endif
+ if (new_partitions)
+ free(new_partitions);
free(partitions_list);
return ret;
}
--
2.17.1
