Commit 40f95bfc0192f9fdaddbb3dfe77f085941dea48a
1 parent
27deefcad9
Exists in
smarc_8mm-imx_v2018.03_4.14.98_2.0.0_ga
and in
4 other branches
MA-14280 [coverity] Fix resource leak in libavb
Fix resource leak in libavb, coverity issue: CID 5899691: Resource leak (RESOURCE_LEAK) leaked_storage: Variable hash_out going out of scope leaks the storage it points to. CID 5899689: Resource leak (RESOURCE_LEAK) leaked_storage: Variable hash_buf going out of scope leaks the storage it points to. CID 5899688: Uninitialized pointer read (UNINIT) uninit_use: Using uninitialized value digest. CID 5899692: Structurally dead code (UNREACHABLE) unreachable: This code cannot be reached: goto out; Test: Coverity scan pass. Change-Id: If8e26fdd383c32a9160775006621830b42c0f07e Signed-off-by: Luo Ji <ji.luo@nxp.com>
Showing 1 changed file with 18 additions and 6 deletions Side-by-side Diff
lib/avb/libavb/avb_slot_verify.c
| ... | ... | @@ -201,7 +201,12 @@ |
| 201 | 201 | size_t expected_digest_len = 0; |
| 202 | 202 | uint8_t expected_digest_buf[AVB_SHA512_DIGEST_SIZE]; |
| 203 | 203 | const uint8_t* expected_digest = NULL; |
| 204 | +#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) | |
| 205 | + uint8_t* hash_out = NULL; | |
| 206 | + uint8_t* hash_buf = NULL; | |
| 207 | +#endif | |
| 204 | 208 | |
| 209 | + | |
| 205 | 210 | if (!avb_hash_descriptor_validate_and_byteswap( |
| 206 | 211 | (const AvbHashDescriptor*)descriptor, &hash_desc)) { |
| 207 | 212 | ret = AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA; |
| 208 | 213 | |
| 209 | 214 | |
| 210 | 215 | |
| ... | ... | @@ -300,18 +305,18 @@ |
| 300 | 305 | if (avb_strcmp((const char*)hash_desc.hash_algorithm, "sha256") == 0) { |
| 301 | 306 | #if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) |
| 302 | 307 | /* DMA requires cache aligned input/output buffer */ |
| 303 | - uint8_t *hash_out = memalign(ARCH_DMA_MINALIGN, AVB_SHA256_DIGEST_SIZE); | |
| 308 | + hash_out = memalign(ARCH_DMA_MINALIGN, AVB_SHA256_DIGEST_SIZE); | |
| 304 | 309 | if (hash_out == NULL) { |
| 305 | 310 | avb_error("failed to alloc memory!\n"); |
| 306 | - return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; | |
| 311 | + ret = AVB_SLOT_VERIFY_RESULT_ERROR_OOM; | |
| 307 | 312 | goto out; |
| 308 | 313 | } |
| 309 | 314 | uint32_t round_buf_size = ROUND(hash_desc.salt_len + hash_desc.image_size, |
| 310 | 315 | ARCH_DMA_MINALIGN); |
| 311 | - uint8_t *hash_buf = memalign(ARCH_DMA_MINALIGN, round_buf_size); | |
| 316 | + hash_buf = memalign(ARCH_DMA_MINALIGN, round_buf_size); | |
| 312 | 317 | if (hash_buf == NULL) { |
| 313 | 318 | avb_error("failed to alloc memory!\n"); |
| 314 | - return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; | |
| 319 | + ret = AVB_SLOT_VERIFY_RESULT_ERROR_OOM; | |
| 315 | 320 | goto out; |
| 316 | 321 | } |
| 317 | 322 | |
| ... | ... | @@ -331,6 +336,7 @@ |
| 331 | 336 | |
| 332 | 337 | digest = hash_out; |
| 333 | 338 | free(hash_buf); |
| 339 | + hash_buf = NULL; | |
| 334 | 340 | #else |
| 335 | 341 | AvbSHA256Ctx sha256_ctx; |
| 336 | 342 | avb_sha256_init(&sha256_ctx); |
| ... | ... | @@ -389,8 +395,14 @@ |
| 389 | 395 | out: |
| 390 | 396 | |
| 391 | 397 | #if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) |
| 392 | - if (digest != NULL) | |
| 393 | - free(digest); | |
| 398 | + if (hash_out != NULL) { | |
| 399 | + free(hash_out); | |
| 400 | + hash_out = NULL; | |
| 401 | + } | |
| 402 | + if (hash_buf != NULL) { | |
| 403 | + free(hash_buf); | |
| 404 | + hash_buf = NULL; | |
| 405 | + } | |
| 394 | 406 | #endif |
| 395 | 407 | /* If it worked and something was loaded, copy to slot_data. */ |
| 396 | 408 | if ((ret == AVB_SLOT_VERIFY_RESULT_OK || result_should_continue(ret)) && |