diff options
author | Patrick Georgi <pgeorgi@chromium.org> | 2016-07-29 16:36:23 +0200 |
---|---|---|
committer | Martin Roth <martinroth@google.com> | 2016-07-31 20:01:10 +0200 |
commit | 33ab4fea23d8e57b4abab0e10d556ff6344ecf37 (patch) | |
tree | 09d7bac1b56cab9646f4388fec888fb846252fe5 | |
parent | 41b3196bc88b0c869bba0f3e806904c390341306 (diff) |
libpayload: fix leak in libcbfs
stage wasn't freed on errors.
Change-Id: I10d2f42f3e484955619addbef2898981f6f90a35
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1347345
Reviewed-on: https://review.coreboot.org/15958
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
-rw-r--r-- | payloads/libpayload/libcbfs/cbfs.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/payloads/libpayload/libcbfs/cbfs.c b/payloads/libpayload/libcbfs/cbfs.c index 38b1ff8c71..3cce799fe3 100644 --- a/payloads/libpayload/libcbfs/cbfs.c +++ b/payloads/libpayload/libcbfs/cbfs.c @@ -116,8 +116,10 @@ void * cbfs_load_stage(struct cbfs_media *media, const char *name) sizeof(struct cbfs_stage), (void *) (uintptr_t) stage->load, stage->len); - if (!final_size) - return (void *) -1; + if (!final_size) { + entry = -1; + goto out; + } memset((void *)((uintptr_t)stage->load + final_size), 0, stage->memlen - final_size); @@ -127,6 +129,7 @@ void * cbfs_load_stage(struct cbfs_media *media, const char *name) entry = stage->entry; // entry = ntohll(stage->entry); +out: free(stage); return (void *) entry; } |