In write_flash_image(), calling function "read" may taints variable
"buf" which turn to an untrusted value as argument of "rte_free".
Coverity issue: 367477
Fixes: 7a4f3993f269 ("raw/ifpga: add FPGA RSU APIs")
Signed-off-by: Wei Huang <wei.hu...@intel.com>
---
drivers/raw/ifpga/base/ifpga_fme_rsu.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/raw/ifpga/base/ifpga_fme_rsu.c
b/drivers/raw/ifpga/base/ifpga_fme_rsu.c
index 28198abd78..d32f1eccb1 100644
--- a/drivers/raw/ifpga/base/ifpga_fme_rsu.c
+++ b/drivers/raw/ifpga/base/ifpga_fme_rsu.c
@@ -92,6 +92,7 @@ static int write_flash_image(struct ifpga_sec_mgr *smgr,
const char *image,
uint32_t offset)
{
void *buf = NULL;
+ void *buf_to_free = NULL;
int retry = 0;
uint32_t length = 0;
uint32_t to_transfer = 0;
@@ -122,6 +123,7 @@ static int write_flash_image(struct ifpga_sec_mgr *smgr,
const char *image,
close(fd);
return -ENOMEM;
}
+ buf_to_free = buf;
length = smgr->rsu_length;
one_percent = length / 100;
@@ -177,7 +179,7 @@ static int write_flash_image(struct ifpga_sec_mgr *smgr,
const char *image,
printf("\n");
end:
- free(buf);
+ free(buf_to_free);
close(fd);
return ret;
}
--
2.29.2
