diff options
author | Antonio Borneo <borneo.antonio@gmail.com> | 2020-05-21 16:03:17 +0200 |
---|---|---|
committer | Antonio Borneo <borneo.antonio@gmail.com> | 2020-06-06 18:05:46 +0100 |
commit | bd425de3fbb9ba73d4e24573e2b2262ba1b8a3f5 (patch) | |
tree | 9081243ed77313fb18cb808c0f2077a70598b676 | |
parent | 6f88aa0fb3bb7a91b5327b75e8fb772ed6d3be2d (diff) | |
download | riscv-openocd-bd425de3fbb9ba73d4e24573e2b2262ba1b8a3f5.zip riscv-openocd-bd425de3fbb9ba73d4e24573e2b2262ba1b8a3f5.tar.gz riscv-openocd-bd425de3fbb9ba73d4e24573e2b2262ba1b8a3f5.tar.bz2 |
jtag/tcl: fix memory leak in command 'irscan'
If the function parse_u64() fails, we jump to return, thus leaking
the memory just allocated in 'v'.
Issue identified by clang.
Move earlier the call to parse_u64() and the associated test,
before memory allocation.
While there, fix a possible NULL pointer dereferencing in case the
calloc() fails, by testing for allocation failure.
Change-Id: I6a77ee17aceb282bbdfefe7cdafeba2e0e7012f1
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: http://openocd.zylin.com/5692
Tested-by: jenkins
Reviewed-by: Tarek BOCHKATI <tarek.bouchkati@gmail.com>
-rw-r--r-- | src/jtag/tcl.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/jtag/tcl.c b/src/jtag/tcl.c index 01210bd..d2f1f0d 100644 --- a/src/jtag/tcl.c +++ b/src/jtag/tcl.c @@ -1129,14 +1129,19 @@ COMMAND_HANDLER(handle_irscan_command) return ERROR_FAIL; } - int field_size = tap->ir_length; - fields[i].num_bits = field_size; - uint8_t *v = calloc(1, DIV_ROUND_UP(field_size, 8)); - uint64_t value; retval = parse_u64(CMD_ARGV[i * 2 + 1], &value); if (ERROR_OK != retval) goto error_return; + + int field_size = tap->ir_length; + fields[i].num_bits = field_size; + uint8_t *v = calloc(1, DIV_ROUND_UP(field_size, 8)); + if (!v) { + LOG_ERROR("Out of memory"); + goto error_return; + } + buf_set_u64(v, 0, field_size, value); fields[i].out_value = v; fields[i].in_value = NULL; |