From: Josh Law <josh2@disroot.org>
To: u-boot@lists.denx.de
Cc: mkorpershoek@kernel.org, igor.opaniuk@gmail.com,
trini@konsulko.com, Josh Law <josh2@disroot.org>
Subject: [PATCH 1/1] libavb: fix avb_replace() OOM handling
Date: Thu, 21 May 2026 16:51:22 +0000 [thread overview]
Message-ID: <20260521165122.17475-2-josh2@disroot.org> (raw)
In-Reply-To: <20260521165122.17475-1-josh2@disroot.org>
avb_replace() promises NULL on OOM. Once it had built the first
replacement, a later allocation failure returned that partial buffer.
Callers treat any result as success, so AVB could keep booting with
truncated bootargs.
Free the partial result and return NULL. The existing callers can then
take their OOM path.
Signed-off-by: Josh Law <josh2@disroot.org>
---
lib/libavb/avb_util.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/lib/libavb/avb_util.c b/lib/libavb/avb_util.c
index 8719ede15a7..9e2e6ea3495 100644
--- a/lib/libavb/avb_util.c
+++ b/lib/libavb/avb_util.c
@@ -272,7 +272,7 @@ char* avb_replace(const char* str, const char* search, const char* replace) {
num_new = num_before + replace_len + 1;
ret = avb_malloc(num_new);
if (ret == NULL) {
- goto out;
+ goto fail;
}
avb_memcpy(ret, str, num_before);
avb_memcpy(ret + num_before, replace, replace_len);
@@ -283,7 +283,7 @@ char* avb_replace(const char* str, const char* search, const char* replace) {
num_new = ret_len + num_before + replace_len + 1;
new_str = avb_malloc(num_new);
if (new_str == NULL) {
- goto out;
+ goto fail;
}
avb_memcpy(new_str, ret, ret_len);
avb_memcpy(new_str + ret_len, str, num_before);
@@ -308,7 +308,7 @@ char* avb_replace(const char* str, const char* search, const char* replace) {
size_t num_new = ret_len + num_remaining + 1;
char* new_str = avb_malloc(num_new);
if (new_str == NULL) {
- goto out;
+ goto fail;
}
avb_memcpy(new_str, ret, ret_len);
avb_memcpy(new_str + ret_len, str_after_last_replace, num_remaining);
@@ -320,6 +320,10 @@ char* avb_replace(const char* str, const char* search, const char* replace) {
out:
return ret;
+
+fail:
+ avb_free(ret);
+ return NULL;
}
/* We only support a limited amount of strings in avb_strdupv(). */
--
2.47.3
next prev parent reply other threads:[~2026-05-21 16:58 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-21 16:51 [PATCH 0/1] libavb: fix avb_replace() OOM handling Josh Law
2026-05-21 16:51 ` Josh Law [this message]
2026-05-25 15:15 ` [PATCH 1/1] " Simon Glass
2026-05-26 12:52 ` [PATCH 0/1] " Javier Viguera
2026-05-26 13:10 ` Mattijs Korpershoek
2026-05-26 13:17 ` Josh Law
2026-05-26 14:23 ` Tom Rini
2026-05-26 16:51 ` Kuan-Wei Chiu
2026-05-26 16:53 ` Tom Rini
[not found] <20260521163248.15866-1-josh2@disroot.org>
[not found] ` <20260521163248.15866-2-josh2@disroot.org>
2026-05-22 18:35 ` [PATCH 1/1] " Tom Rini
2026-05-26 13:17 ` Mattijs Korpershoek
2026-05-26 13:18 ` Josh Law
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260521165122.17475-2-josh2@disroot.org \
--to=josh2@disroot.org \
--cc=igor.opaniuk@gmail.com \
--cc=mkorpershoek@kernel.org \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.