From 40f95bfc0192f9fdaddbb3dfe77f085941dea48a Mon Sep 17 00:00:00 2001 From: Luo Ji Date: Thu, 7 Mar 2019 18:56:50 +0800 Subject: [PATCH] MA-14280 [coverity] Fix resource leak in libavb Fix resource leak in libavb, coverity issue: CID 5899691: Resource leak (RESOURCE_LEAK) leaked_storage: Variable hash_out going out of scope leaks the storage it points to. CID 5899689: Resource leak (RESOURCE_LEAK) leaked_storage: Variable hash_buf going out of scope leaks the storage it points to. CID 5899688: Uninitialized pointer read (UNINIT) uninit_use: Using uninitialized value digest. CID 5899692: Structurally dead code (UNREACHABLE) unreachable: This code cannot be reached: goto out; Test: Coverity scan pass. Change-Id: If8e26fdd383c32a9160775006621830b42c0f07e Signed-off-by: Luo Ji --- lib/avb/libavb/avb_slot_verify.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/lib/avb/libavb/avb_slot_verify.c b/lib/avb/libavb/avb_slot_verify.c index 5733f2f..2ca4ff9 100644 --- a/lib/avb/libavb/avb_slot_verify.c +++ b/lib/avb/libavb/avb_slot_verify.c @@ -201,6 +201,11 @@ static AvbSlotVerifyResult load_and_verify_hash_partition( size_t expected_digest_len = 0; uint8_t expected_digest_buf[AVB_SHA512_DIGEST_SIZE]; const uint8_t* expected_digest = NULL; +#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) + uint8_t* hash_out = NULL; + uint8_t* hash_buf = NULL; +#endif + if (!avb_hash_descriptor_validate_and_byteswap( (const AvbHashDescriptor*)descriptor, &hash_desc)) { @@ -300,18 +305,18 @@ static AvbSlotVerifyResult load_and_verify_hash_partition( if (avb_strcmp((const char*)hash_desc.hash_algorithm, "sha256") == 0) { #if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) /* DMA requires cache aligned input/output buffer */ - uint8_t *hash_out = memalign(ARCH_DMA_MINALIGN, AVB_SHA256_DIGEST_SIZE); + hash_out = memalign(ARCH_DMA_MINALIGN, AVB_SHA256_DIGEST_SIZE); if (hash_out == NULL) { avb_error("failed to alloc memory!\n"); - return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; + ret = AVB_SLOT_VERIFY_RESULT_ERROR_OOM; goto out; } uint32_t round_buf_size = ROUND(hash_desc.salt_len + hash_desc.image_size, ARCH_DMA_MINALIGN); - uint8_t *hash_buf = memalign(ARCH_DMA_MINALIGN, round_buf_size); + hash_buf = memalign(ARCH_DMA_MINALIGN, round_buf_size); if (hash_buf == NULL) { avb_error("failed to alloc memory!\n"); - return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; + ret = AVB_SLOT_VERIFY_RESULT_ERROR_OOM; goto out; } @@ -331,6 +336,7 @@ static AvbSlotVerifyResult load_and_verify_hash_partition( digest = hash_out; free(hash_buf); + hash_buf = NULL; #else AvbSHA256Ctx sha256_ctx; avb_sha256_init(&sha256_ctx); @@ -389,8 +395,14 @@ static AvbSlotVerifyResult load_and_verify_hash_partition( out: #if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) - if (digest != NULL) - free(digest); + if (hash_out != NULL) { + free(hash_out); + hash_out = NULL; + } + if (hash_buf != NULL) { + free(hash_buf); + hash_buf = NULL; + } #endif /* If it worked and something was loaded, copy to slot_data. */ if ((ret == AVB_SLOT_VERIFY_RESULT_OK || result_should_continue(ret)) && -- 1.9.1