interesting
/
riscv-openocd
mirror of https://github.com/riscv/riscv-openocd.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

jtag/tcl: fix memory leak in command 'irscan' 

If the function parse_u64() fails, we jump to return, thus leaking
the memory just allocated in 'v'.
Issue identified by clang.

Move earlier the call to parse_u64() and the associated test,
before memory allocation.

While there, fix a possible NULL pointer dereferencing in case the
calloc() fails, by testing for allocation failure.

Change-Id: I6a77ee17aceb282bbdfefe7cdafeba2e0e7012f1
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: http://openocd.zylin.com/5692
Tested-by: jenkins
Reviewed-by: Tarek BOCHKATI <tarek.bouchkati@gmail.com>
This commit is contained in:
Antonio Borneo 2020-05-21 16:03:17 +02:00
parent 6f88aa0fb3
commit bd425de3fb
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/jtag/tcl.c
View File

@ -1129,14 +1129,19 @@ COMMAND_HANDLER(handle_irscan_command)
return ERROR_FAIL;
}
int field_size = tap->ir_length;
fields[i].num_bits = field_size;
uint8_t *v = calloc(1, DIV_ROUND_UP(field_size, 8));
uint64_t value;
retval = parse_u64(CMD_ARGV[i * 2 + 1], &value);
if (ERROR_OK != retval)
goto error_return;
int field_size = tap->ir_length;
fields[i].num_bits = field_size;
uint8_t *v = calloc(1, DIV_ROUND_UP(field_size, 8));
if (!v) {
LOG_ERROR("Out of memory");
goto error_return;
}
buf_set_u64(v, 0, field_size, value);
fields[i].out_value = v;
fields[i].in_value = NULL;