From bd425de3fbb9ba73d4e24573e2b2262ba1b8a3f5 Mon Sep 17 00:00:00 2001 From: Antonio Borneo Date: Thu, 21 May 2020 16:03:17 +0200 Subject: [PATCH] jtag/tcl: fix memory leak in command 'irscan' If the function parse_u64() fails, we jump to return, thus leaking the memory just allocated in 'v'. Issue identified by clang. Move earlier the call to parse_u64() and the associated test, before memory allocation. While there, fix a possible NULL pointer dereferencing in case the calloc() fails, by testing for allocation failure. Change-Id: I6a77ee17aceb282bbdfefe7cdafeba2e0e7012f1 Signed-off-by: Antonio Borneo Reviewed-on: http://openocd.zylin.com/5692 Tested-by: jenkins Reviewed-by: Tarek BOCHKATI --- src/jtag/tcl.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/jtag/tcl.c b/src/jtag/tcl.c index 01210bd69..d2f1f0db5 100644 --- a/src/jtag/tcl.c +++ b/src/jtag/tcl.c @@ -1129,14 +1129,19 @@ COMMAND_HANDLER(handle_irscan_command) return ERROR_FAIL; } - int field_size = tap->ir_length; - fields[i].num_bits = field_size; - uint8_t *v = calloc(1, DIV_ROUND_UP(field_size, 8)); - uint64_t value; retval = parse_u64(CMD_ARGV[i * 2 + 1], &value); if (ERROR_OK != retval) goto error_return; + + int field_size = tap->ir_length; + fields[i].num_bits = field_size; + uint8_t *v = calloc(1, DIV_ROUND_UP(field_size, 8)); + if (!v) { + LOG_ERROR("Out of memory"); + goto error_return; + } + buf_set_u64(v, 0, field_size, value); fields[i].out_value = v; fields[i].in_value = NULL;