From 5fe6e23c61bf1fde7a1a0568b38d32c4e625f0ef Mon Sep 17 00:00:00 2001
From: Stefan Reinauer <stepan@coresystems.de>
Date: Fri, 31 Jul 2009 11:39:55 +0000
Subject: Catch various cases in libpayload where malloc() or memalign() return
 NULL

Signed-off-by: Stefan Reinauer <stepan@coresystems.de>
Acked-by: Peter Stuge <peter@stuge.se>


git-svn-id: svn://svn.coreboot.org/coreboot/trunk@4474 2b7e53f0-3cfb-0310-b3e9-8179ed1497e1
---
 payloads/libpayload/drivers/usb/uhci.c    | 22 ++++++++++++++++++++++
 payloads/libpayload/drivers/usb/uhci_rh.c |  3 +++
 payloads/libpayload/drivers/usb/usb.c     | 23 ++++++++++++++++-------
 payloads/libpayload/drivers/usb/usbhid.c  |  2 ++
 payloads/libpayload/drivers/usb/usbhub.c  |  6 ++++++
 payloads/libpayload/drivers/usb/usbmsc.c  |  3 +++
 payloads/libpayload/include/usb/usb.h     |  2 ++
 payloads/libpayload/libc/lar.c            |  4 ++++
 payloads/libpayload/libc/malloc.c         |  2 ++
 payloads/libpayload/libc/readline.c       |  2 ++
 10 files changed, 62 insertions(+), 7 deletions(-)

diff --git a/payloads/libpayload/drivers/usb/uhci.c b/payloads/libpayload/drivers/usb/uhci.c
index 198b6c0846..def6b45084 100644
--- a/payloads/libpayload/drivers/usb/uhci.c
+++ b/payloads/libpayload/drivers/usb/uhci.c
@@ -130,7 +130,13 @@ uhci_init (pcidev_t addr)
 	int i;
 	hci_t *controller = new_controller ();
 
+	if (!controller)
+		usb_fatal("Could not create USB controller instance.\n");
+
 	controller->instance = malloc (sizeof (uhci_t));
+	if(!controller->instance)
+		usb_fatal("Not enough memory creating USB controller instance.\n");
+
 	controller->start = uhci_start;
 	controller->stop = uhci_stop;
 	controller->reset = uhci_reset;
@@ -157,6 +163,9 @@ uhci_init (pcidev_t addr)
 	pci_write_config32 (controller->bus_address, 0xc0, 0x8f00);
 
 	UHCI_INST (controller)->framelistptr = memalign (0x1000, 1024 * sizeof (flistp_t *));	/* 4kb aligned to 4kb */
+	if (! UHCI_INST (controller)->framelistptr)
+		usb_fatal("Not enough memory for USB frame list pointer.\n");
+
 	memset (UHCI_INST (controller)->framelistptr, 0,
 		1024 * sizeof (flistp_t));
 
@@ -168,6 +177,8 @@ uhci_init (pcidev_t addr)
 	          for some reason. Not a problem now.
 	   */
 	td_t *antiberserk = memalign(16, sizeof(td_t));
+	if (!antiberserk)
+		usb_fatal("Not enough memory for chipset workaround.\n");
 	memset(antiberserk, 0, sizeof(td_t));
 
 	UHCI_INST (controller)->qh_prei = memalign (16, sizeof (qh_t));
@@ -175,6 +186,12 @@ uhci_init (pcidev_t addr)
 	UHCI_INST (controller)->qh_data = memalign (16, sizeof (qh_t));
 	UHCI_INST (controller)->qh_last = memalign (16, sizeof (qh_t));
 
+	if (! UHCI_INST (controller)->qh_prei ||
+	    ! UHCI_INST (controller)->qh_intr ||
+	    ! UHCI_INST (controller)->qh_data ||
+	    ! UHCI_INST (controller)->qh_last)
+		usb_fatal ("Not enough memory for USB controller queues.\n");
+
 	UHCI_INST (controller)->qh_prei->headlinkptr.ptr =
 		virt_to_phys (UHCI_INST (controller)->qh_intr);
 	UHCI_INST (controller)->qh_prei->headlinkptr.queue_head = 1;
@@ -508,11 +525,16 @@ uhci_create_intr_queue (endpoint_t *ep, int reqsize, int reqcount, int reqtiming
 	td_t *tds = memalign(16, sizeof(td_t) * reqcount);
 	qh_t *qh = memalign(16, sizeof(qh_t));
 
+	if (!data || !tds || !qh)
+		usb_fatal ("Not enough memory to create USB intr queue prerequisites.\n");
+
 	qh->elementlinkptr.ptr = virt_to_phys(tds);
 	qh->elementlinkptr.queue_head = 0;
 	qh->elementlinkptr.terminate = 0;
 
 	intr_q *q = malloc(sizeof(intr_q));
+	if (!q)
+		usb_fatal ("Not enough memory to create USB intr queue.\n");
 	q->qh = qh;
 	q->tds = tds;
 	q->data = data;
diff --git a/payloads/libpayload/drivers/usb/uhci_rh.c b/payloads/libpayload/drivers/usb/uhci_rh.c
index cc3c600289..2f4c7d839c 100644
--- a/payloads/libpayload/drivers/usb/uhci_rh.c
+++ b/payloads/libpayload/drivers/usb/uhci_rh.c
@@ -157,6 +157,9 @@ uhci_rh_init (usbdev_t *dev)
 	uhci_rh_enable_port (dev, 1);
 	uhci_rh_enable_port (dev, 2);
 	dev->data = malloc (sizeof (rh_inst_t));
+	if (!dev->data)
+		usb_fatal ("Not enough memory for UHCI RH.\n");
+
 	RH_INST (dev)->port[0] = -1;
 	RH_INST (dev)->port[1] = -1;
 
diff --git a/payloads/libpayload/drivers/usb/usb.c b/payloads/libpayload/drivers/usb/usb.c
index d536d31d86..25e80065d7 100644
--- a/payloads/libpayload/drivers/usb/usb.c
+++ b/payloads/libpayload/drivers/usb/usb.c
@@ -33,14 +33,16 @@
 hci_t *usb_hcs = 0;
 
 hci_t *
-new_controller ()
+new_controller (void)
 {
 	hci_t *controller = malloc (sizeof (hci_t));
 
-	/* atomic */
-	controller->next = usb_hcs;
-	usb_hcs = controller;
-	/* atomic end */
+	if (controller) {
+		/* atomic */
+		controller->next = usb_hcs;
+		usb_hcs = controller;
+		/* atomic end */
+	}
 
 	return controller;
 }
@@ -48,13 +50,13 @@ new_controller ()
 void
 detach_controller (hci_t *controller)
 {
-	if (controller == 0)
+	if (controller == NULL)
 		return;
 	if (usb_hcs == controller) {
 		usb_hcs = controller->next;
 	} else {
 		hci_t *it = usb_hcs;
-		while (it != 0) {
+		while (it != NULL) {
 			if (it->next == controller) {
 				it->next = controller->next;
 				return;
@@ -386,3 +388,10 @@ usb_attach_device(hci_t *controller, int hubaddress, int port, int lowspeed)
 	newdev_t->init (newdev_t);
 	return newdev;
 }
+
+void
+usb_fatal (const char *message)
+{
+	printf(message);
+	for (;;) ;
+}
diff --git a/payloads/libpayload/drivers/usb/usbhid.c b/payloads/libpayload/drivers/usb/usbhid.c
index 44be9ce8d9..ee217c36d8 100644
--- a/payloads/libpayload/drivers/usb/usbhid.c
+++ b/payloads/libpayload/drivers/usb/usbhid.c
@@ -169,6 +169,8 @@ usb_hid_init (usbdev_t *dev)
 			boot_protos[interface->bInterfaceProtocol]);
 		if (interface->bInterfaceProtocol == hid_boot_proto_keyboard) {
 			dev->data = malloc (sizeof (usbhid_inst_t));
+			if (!dev->data)
+				usb_fatal("Not enough memory for USB HID device.\n");
 			printf ("  configuring...\n");
 			usb_hid_set_protocol(dev, interface, hid_proto_boot);
 			usb_hid_set_idle(dev, interface, 0);
diff --git a/payloads/libpayload/drivers/usb/usbhub.c b/payloads/libpayload/drivers/usb/usbhub.c
index 4625246e22..0a5d0ebcb5 100644
--- a/payloads/libpayload/drivers/usb/usbhub.c
+++ b/payloads/libpayload/drivers/usb/usbhub.c
@@ -128,6 +128,9 @@ usb_hub_init (usbdev_t *dev)
 
 	dev->data = malloc (sizeof (usbhub_inst_t));
 
+	if (!dev->data)
+		usb_fatal("Not enough memory for USB hub.\n");
+
 	HUB_INST (dev)->descriptor =
 		(hub_descriptor_t *) get_descriptor (dev,
 						     gen_bmRequestType
@@ -137,6 +140,9 @@ usb_hub_init (usbdev_t *dev)
 	HUB_INST (dev)->num_ports = HUB_INST (dev)->descriptor->bNbrPorts;
 	HUB_INST (dev)->ports =
 		malloc (sizeof (int) * (HUB_INST (dev)->num_ports + 1));
+	if (! HUB_INST (dev)->ports)
+		usb_fatal("Not enough memory for USB hub ports.\n");
+
 	for (i = 1; i <= HUB_INST (dev)->num_ports; i++)
 		HUB_INST (dev)->ports[i] = -1;
 	for (i = 1; i <= HUB_INST (dev)->num_ports; i++)
diff --git a/payloads/libpayload/drivers/usb/usbmsc.c b/payloads/libpayload/drivers/usb/usbmsc.c
index ad4a10c146..f24bd6d857 100644
--- a/payloads/libpayload/drivers/usb/usbmsc.c
+++ b/payloads/libpayload/drivers/usb/usbmsc.c
@@ -346,6 +346,9 @@ usb_msc_init (usbdev_t *dev)
 	}
 
 	dev->data = malloc (sizeof (usbmsc_inst_t));
+	if (!dev->data)
+		usb_fatal("Not enough memory for USB MSC device.\n");
+
 	MSC_INST (dev)->bulk_in = 0;
 	MSC_INST (dev)->bulk_out = 0;
 
diff --git a/payloads/libpayload/include/usb/usb.h b/payloads/libpayload/include/usb/usb.h
index d06e8077db..9f38b845dd 100644
--- a/payloads/libpayload/include/usb/usb.h
+++ b/payloads/libpayload/include/usb/usb.h
@@ -226,4 +226,6 @@ gen_bmRequestType (dev_req_dir dir, dev_req_type type, dev_req_recp recp)
 
 void usb_detach_device(hci_t *controller, int devno);
 int usb_attach_device(hci_t *controller, int hubaddress, int port, int lowspeed);
+
+void usb_fatal(const char *message) __attribute__ ((noreturn));
 #endif
diff --git a/payloads/libpayload/libc/lar.c b/payloads/libpayload/libc/lar.c
index 225b19001a..9ee09e2ec6 100644
--- a/payloads/libpayload/libc/lar.c
+++ b/payloads/libpayload/libc/lar.c
@@ -113,6 +113,10 @@ struct LAR *openlar(void *addr)
 	 * tear on the heap */
 
 	lar->headers = malloc(16 * sizeof(void *));
+
+	if (!lar->headers)
+		return NULL;
+
 	lar->alloc = 16;
 	lar->count = lar->eof = 0;
 	lar->cindex = 0;
diff --git a/payloads/libpayload/libc/malloc.c b/payloads/libpayload/libc/malloc.c
index d18b289adf..4cb71f6ff4 100644
--- a/payloads/libpayload/libc/malloc.c
+++ b/payloads/libpayload/libc/malloc.c
@@ -309,6 +309,8 @@ void *memalign(size_t align, size_t size)
 	if (size == 0) return 0;
 	if (align_regions == 0) {
 		align_regions = malloc(sizeof(struct align_region_t));
+		if (align_regions == NULL)
+			return NULL;
 		memset(align_regions, 0, sizeof(struct align_region_t));
 	}
 	struct align_region_t *reg = align_regions;
diff --git a/payloads/libpayload/libc/readline.c b/payloads/libpayload/libc/readline.c
index 01a565a698..9387e09149 100644
--- a/payloads/libpayload/libc/readline.c
+++ b/payloads/libpayload/libc/readline.c
@@ -55,6 +55,8 @@ char *readline(const char *prompt)
 	if (!readline_buffer || !readline_bufferlen) {
 #define READLINE_BUFFERSIZE	256
 		readline_buffer = malloc(READLINE_BUFFERSIZE);
+		if (!readline_buffer)
+			return NULL;
 		readline_bufferlen = READLINE_BUFFERSIZE;
 		memset(readline_buffer, 0, readline_bufferlen);
 	}
-- 
cgit v1.2.3