* [PATCH] tools: Fix handle leak in mmap_fdt function
@ 2025-02-09 14:56 Maks Mishin
2025-02-18 19:45 ` Tom Rini
0 siblings, 1 reply; 4+ messages in thread
From: Maks Mishin @ 2025-02-09 14:56 UTC (permalink / raw)
To: u-boot; +Cc: Maks Mishin
The handle 'ptr' is created at fit_common.c:91 by calling
function 'mmap' and lost at fit_common.c:127:
Added call of free for `ptr` if ptr != MAP_FAILED.
Trigger was found by the Svace static analyzer.
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
---
tools/fit_common.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/fit_common.c b/tools/fit_common.c
index d1cde16c1c..135e105929 100644
--- a/tools/fit_common.c
+++ b/tools/fit_common.c
@@ -123,6 +123,7 @@ err:
close(fd);
if (delete_on_error)
unlink(fname);
+ free(ptr);
return -1;
}
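Review bot: the added `free(ptr);` under `err:` hands the heap allocator a pointer that, per the commit message, was returned by `mmap`. A mapping is not heap memory, so passing its address to `free()` is undefined behaviour and can corrupt allocator state or abort the tool, which trades a leak on an error path for memory corruption. Release the mapping with `munmap()` and the length that was mapped instead.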
--
2.34.1
* Re: [PATCH] tools: Fix handle leak in mmap_fdt function
2025-02-09 14:56 [PATCH] tools: Fix handle leak in mmap_fdt function Maks Mishin
@ 2025-02-18 19:45 ` Tom Rini
0 siblings, 0 replies; 4+ messages in thread
From: Tom Rini @ 2025-02-18 19:45 UTC (permalink / raw)
To: Maks Mishin; +Cc: u-boot
On Sun, Feb 09, 2025 at 05:56:41PM +0300, Maks Mishin wrote:
> The handle 'ptr' is created at fit_common.c:91 by calling
> function 'mmap' and lost at fit_common.c:127:
> Added call of free for `ptr` if ptr != MAP_FAILED.
>
> Trigger was found by the Svace static analyzer.
>
> Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
> ---
> tools/fit_common.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/tools/fit_common.c b/tools/fit_common.c
> index d1cde16c1c..135e105929 100644
> --- a/tools/fit_common.c
> +++ b/tools/fit_common.c
> @@ -123,6 +123,7 @@ err:
> close(fd);
> if (delete_on_error)
> unlink(fname);
> + free(ptr);
>
> return -1;
> }
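Review bot: the `free(ptr);` added at `err:` is unconditional, so it runs for every `goto err`, including any taken before `ptr` is assigned and the case where `mmap` itself failed and `ptr` holds `MAP_FAILED`. Initialise `ptr` to `MAP_FAILED` at its declaration and guard the release with `if (ptr != MAP_FAILED)`; a NULL check alone would not cover the failed-mmap case, because `mmap` reports failure as `MAP_FAILED`, not NULL.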
This introduces:
/home/uboot/u-boot/u-boot/tools/fit_common.c: In function 'mmap_fdt':
/home/uboot/u-boot/u-boot/tools/fit_common.c:126:9: warning: 'ptr' may be used uninitialized in
this function [-Wmaybe-uninitialized]
126 | free(ptr);
| ^~~~~~~~~
--
Tom
* [PATCH] tools: Fix handle leak in mmap_fdt function
[not found] <20250418081526.11327-1-ant.v.moryakov@gmail.com>
@ 2025-04-18 8:15 ` ant.v.moryakov
2025-04-18 11:24 ` Yao Zi
0 siblings, 1 reply; 4+ messages in thread
From: ant.v.moryakov @ 2025-04-18 8:15 UTC (permalink / raw)
To: ant.v.moryakov, u-boot; +Cc: Maks Mishin
From: Maks Mishin <maks.mishinFZ@gmail.com>
The handle 'ptr' is created at fit_common.c:91 by calling
function 'mmap' and lost at fit_common.c:127:
Added call of free for `ptr` if ptr != MAP_FAILED.
Trigger was found by the Svace static analyzer.
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
---
tools/fit_common.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/fit_common.c b/tools/fit_common.c
index d1cde16c1c..135e105929 100644
--- a/tools/fit_common.c
+++ b/tools/fit_common.c
@@ -123,6 +123,7 @@ err:
close(fd);
if (delete_on_error)
unlink(fname);
+ free(ptr);
return -1;
}
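Review bot: the commit message says the call is made "if ptr != MAP_FAILED", but the one added line, `free(ptr);`, carries no condition, so the description and the code disagree. This posting also has the same blob ids (`d1cde16c1c..135e105929`) as the 2025-02-09 one, so the `-Wmaybe-uninitialized` warning reported on that version still applies. Send it as a v2 with the guard actually in the code and a note under the `---` line saying what changed.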
--
2.34.1
* Re: [PATCH] tools: Fix handle leak in mmap_fdt function
2025-04-18 8:15 ` ant.v.moryakov
@ 2025-04-18 11:24 ` Yao Zi
0 siblings, 0 replies; 4+ messages in thread
From: Yao Zi @ 2025-04-18 11:24 UTC (permalink / raw)
To: ant.v.moryakov, u-boot; +Cc: Maks Mishin
On Fri, Apr 18, 2025 at 11:15:23AM +0300, ant.v.moryakov@gmail.com wrote:
> From: Maks Mishin <maks.mishinFZ@gmail.com>
>
> The handle 'ptr' is created at fit_common.c:91 by calling
> function 'mmap' and lost at fit_common.c:127:
> Added call of free for `ptr` if ptr != MAP_FAILED.
First, why do you free() a mmapped memory chunk? This really sounds
unreasonable to me.
Second, you don't validate ptr before freeing it actually. It's possible
to branch to label "err" before ptr is initialized, thus you must guard
the free in case of garbage data in ptr (or just initialize ptr to NULL).
> Trigger was found by the Svace static analyzer.
>
> Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
> ---
> tools/fit_common.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/tools/fit_common.c b/tools/fit_common.c
> index d1cde16c1c..135e105929 100644
> --- a/tools/fit_common.c
> +++ b/tools/fit_common.c
> @@ -123,6 +123,7 @@ err:
> close(fd);
> if (delete_on_error)
> unlink(fname);
> + free(ptr);
>
> return -1;
> }
> --
> 2.34.1
Thanks,
Yao Zi