Commit 40f95bfc0192f9fdaddbb3dfe77f085941dea48a
1 parent
27deefcad9
Exists in
smarc_8mm-imx_v2018.03_4.14.98_2.0.0_ga
and in
4 other branches
MA-14280 [coverity] Fix resource leak in libavb
Fix resource leak in libavb, coverity issue: CID 5899691: Resource leak (RESOURCE_LEAK) leaked_storage: Variable hash_out going out of scope leaks the storage it points to. CID 5899689: Resource leak (RESOURCE_LEAK) leaked_storage: Variable hash_buf going out of scope leaks the storage it points to. CID 5899688: Uninitialized pointer read (UNINIT) uninit_use: Using uninitialized value digest. CID 5899692: Structurally dead code (UNREACHABLE) unreachable: This code cannot be reached: goto out; Test: Coverity scan pass. Change-Id: If8e26fdd383c32a9160775006621830b42c0f07e Signed-off-by: Luo Ji <ji.luo@nxp.com>
Showing 1 changed file with 18 additions and 6 deletions Side-by-side Diff
lib/avb/libavb/avb_slot_verify.c
... | ... | @@ -201,7 +201,12 @@ |
201 | 201 | size_t expected_digest_len = 0; |
202 | 202 | uint8_t expected_digest_buf[AVB_SHA512_DIGEST_SIZE]; |
203 | 203 | const uint8_t* expected_digest = NULL; |
204 | +#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) | |
205 | + uint8_t* hash_out = NULL; | |
206 | + uint8_t* hash_buf = NULL; | |
207 | +#endif | |
204 | 208 | |
209 | + | |
205 | 210 | if (!avb_hash_descriptor_validate_and_byteswap( |
206 | 211 | (const AvbHashDescriptor*)descriptor, &hash_desc)) { |
207 | 212 | ret = AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA; |
208 | 213 | |
209 | 214 | |
210 | 215 | |
... | ... | @@ -300,18 +305,18 @@ |
300 | 305 | if (avb_strcmp((const char*)hash_desc.hash_algorithm, "sha256") == 0) { |
301 | 306 | #if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) |
302 | 307 | /* DMA requires cache aligned input/output buffer */ |
303 | - uint8_t *hash_out = memalign(ARCH_DMA_MINALIGN, AVB_SHA256_DIGEST_SIZE); | |
308 | + hash_out = memalign(ARCH_DMA_MINALIGN, AVB_SHA256_DIGEST_SIZE); | |
304 | 309 | if (hash_out == NULL) { |
305 | 310 | avb_error("failed to alloc memory!\n"); |
306 | - return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; | |
311 | + ret = AVB_SLOT_VERIFY_RESULT_ERROR_OOM; | |
307 | 312 | goto out; |
308 | 313 | } |
309 | 314 | uint32_t round_buf_size = ROUND(hash_desc.salt_len + hash_desc.image_size, |
310 | 315 | ARCH_DMA_MINALIGN); |
311 | - uint8_t *hash_buf = memalign(ARCH_DMA_MINALIGN, round_buf_size); | |
316 | + hash_buf = memalign(ARCH_DMA_MINALIGN, round_buf_size); | |
312 | 317 | if (hash_buf == NULL) { |
313 | 318 | avb_error("failed to alloc memory!\n"); |
314 | - return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; | |
319 | + ret = AVB_SLOT_VERIFY_RESULT_ERROR_OOM; | |
315 | 320 | goto out; |
316 | 321 | } |
317 | 322 | |
... | ... | @@ -331,6 +336,7 @@ |
331 | 336 | |
332 | 337 | digest = hash_out; |
333 | 338 | free(hash_buf); |
339 | + hash_buf = NULL; | |
334 | 340 | #else |
335 | 341 | AvbSHA256Ctx sha256_ctx; |
336 | 342 | avb_sha256_init(&sha256_ctx); |
... | ... | @@ -389,8 +395,14 @@ |
389 | 395 | out: |
390 | 396 | |
391 | 397 | #if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) |
392 | - if (digest != NULL) | |
393 | - free(digest); | |
398 | + if (hash_out != NULL) { | |
399 | + free(hash_out); | |
400 | + hash_out = NULL; | |
401 | + } | |
402 | + if (hash_buf != NULL) { | |
403 | + free(hash_buf); | |
404 | + hash_buf = NULL; | |
405 | + } | |
394 | 406 | #endif |
395 | 407 | /* If it worked and something was loaded, copy to slot_data. */ |
396 | 408 | if ((ret == AVB_SLOT_VERIFY_RESULT_OK || result_should_continue(ret)) && |