On Fri, Jun 06, 2025 at 10:35:24PM +0300, Mikhail Kshevetskiy wrote: > This fix possible NULL pointer dereference. > Also some comments added about potential memory leak. > > Signed-off-by: Mikhail Kshevetskiy <[email protected]> > --- > common/spl/spl_fit.c | 18 +++++++++++++++++- > 1 file changed, 17 insertions(+), 1 deletion(-) > > diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c > index 783bb84bdb5..438d1ecf124 100644 > --- a/common/spl/spl_fit.c > +++ b/common/spl/spl_fit.c > @@ -703,13 +703,29 @@ static int spl_simple_fit_read(struct spl_fit_info *ctx, > */ > size = get_aligned_image_size(info, size, 0); > buf = board_spl_fit_buffer_addr(size, size, 1); > + if (!buf) > + return -EIO; > > count = info->read(info, offset, size, buf); > + if (!count) { > + /* > + * The memory allocated by board_spl_fit_buffer_addr() > + * should be freed. Unfortunately, we don't know what > + * memory allocation mechanism was used, so we'll hope > + * for the best and leave it as is. > + * > + * To somewhat reduce memory consumption, one can try > + * to reuse previously allocated memory as it's done in > + * board_spl_fit_buffer_addr() from test/image/spl_load.c > + */ > + return -EIO; > + } > + > ctx->fit = buf; > debug("fit read offset %lx, size=%lu, dst=%p, count=%lu\n", > offset, size, buf, count); > > - return (count == 0) ? -EIO : 0; > + return 0; > } > > static int spl_simple_fit_parse(struct spl_fit_info *ctx)
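Review bot: in the new "if (!buf)" check, returning -EIO reports a failed buffer allocation as an I/O error, which callers cannot tell apart from the "if (!count)" read failure just below; -ENOMEM would keep the two cases distinct. The read-failure branch also returns before the debug() call, so the offset and size of a failed read are no longer printed, whereas the old code printed them before returning -EIO; moving the debug() above the "if (!count)" test would keep that diagnostic. The buffer is still left allocated on that path, as the added comment says, so the leak should be stated in the commit message as a known limitation.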
Since you have a good comment in here, can you please elaborate more in the commit message, thanks.

-- 
Tom

