This fixes a possible NULL pointer dereference. It also adds comments about a potential memory leak.
Signed-off-by: Mikhail Kshevetskiy <[email protected]>
---
 common/spl/spl_fit.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index 783bb84bdb5..438d1ecf124 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -703,13 +703,29 @@ static int spl_simple_fit_read(struct spl_fit_info *ctx,
 */
 size = get_aligned_image_size(info, size, 0);
 buf = board_spl_fit_buffer_addr(size, size, 1);
+ if (!buf)
+ return -EIO;
 count = info->read(info, offset, size, buf);
+ if (!count) {
+ /*
+ * The memory allocated by board_spl_fit_buffer_addr()
+ * should be freed. Unfortunately, we don't know what
+ * memory allocation mechanism was used, so we'll hope
+ * for the best and leave it as is.
+ *
+ * To somewhat reduce memory consumption, one can try
+ * to reuse previously allocated memory as it's done in
+ * board_spl_fit_buffer_addr() from test/image/spl_load.c
+ */
+ return -EIO;
+ }
+
 ctx->fit = buf;
 debug("fit read offset %lx, size=%lu, dst=%p, count=%lu\n", offset, size, buf, count);
- return (count == 0) ? -EIO : 0;
+ return 0;
 }
 static int spl_simple_fit_parse(struct spl_fit_info *ctx)
--
2.47.2
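Review bot: The new `if (!count)` check rejects only a read that returned nothing, so a short read still stores `buf` in `ctx->fit`, and later FIT parsing would presumably run over bytes that were never loaded from the boot device. If `info->read()` reports the amount actually transferred in the same unit as `size` (its contract is not visible in this hunk, so confirm against the loaders), the guard could be `if (count < size)`. Separately, the `!buf` path returns `-EIO` for what looks like an allocation failure; `return -ENOMEM;` would let callers tell the two apart. The signature and opening lines of spl_simple_fit_read are outside the hunk.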

