From: Simon Glass Date: Tue, 12 Jun 2018 06:04:58 +0000 (-0600) Subject: fdtgrep: Fix logic of free() in do_fdtgrep() X-Git-Tag: v2018.07-rc2~17 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e178db1d7736a92951fdc7f1fd9b8ecf4d2877ba;p=oweals%2Fu-boot.git fdtgrep: Fix logic of free() in do_fdtgrep() This loop never actually exits, but the way the code is written this is not obvious. Add an explicit error check. Reported-by: Coverity (CID: 131280) Signed-off-by: Simon Glass [trini: Add explicit init of region to NULL per LLVM warning] Signed-off-by: Tom Rini --- diff --git a/tools/fdtgrep.c b/tools/fdtgrep.c index f2b8b71ed7..1f64fc38ff 100644 --- a/tools/fdtgrep.c +++ b/tools/fdtgrep.c @@ -773,7 +773,7 @@ char *utilfdt_read(const char *filename) */ static int do_fdtgrep(struct display_info *disp, const char *filename) { - struct fdt_region *region; + struct fdt_region *region = NULL; int max_regions; int count = 100; char path[1024]; @@ -801,7 +801,7 @@ static int do_fdtgrep(struct display_info *disp, const char *filename) * The first pass will count the regions, but if it is too many, * we do another pass to actually record them. */ - for (i = 0; i < 3; i++) { + for (i = 0; i < 2; i++) { region = malloc(count * sizeof(struct fdt_region)); if (!region) { fprintf(stderr, "Out of memory for %d regions\n", @@ -815,11 +815,14 @@ static int do_fdtgrep(struct display_info *disp, const char *filename) disp->flags); if (count < 0) { report_error("fdt_find_regions", count); + free(region); return -1; } if (count <= max_regions) break; free(region); + fprintf(stderr, "Internal error with fdtgrep_find_region)(\n"); + return -1; } /* Optionally print a list of regions */