From 23b916bcc9de857a1c88718cc2315813efbcb4e4 Mon Sep 17 00:00:00 2001 From: Pali Rohár Date: Mon, 29 Sep 2014 00:42:52 +0200 Subject: fiasco: Call free at correct place --- src/fiasco.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'src/fiasco.c') diff --git a/src/fiasco.c b/src/fiasco.c index 721785e..2d22747 100644 --- a/src/fiasco.c +++ b/src/fiasco.c @@ -493,8 +493,10 @@ int fiasco_unpack(struct fiasco * fiasco, const char * dir) { if ( image->layout ) { layout_name = calloc(1, strlen(name) + strlen(".layout") + 1); - if ( ! layout_name ) + if ( ! layout_name ) { + free(name); ALLOC_ERROR_RETURN(-1); + } sprintf(layout_name, "%s.layout", name); @@ -512,8 +514,6 @@ int fiasco_unpack(struct fiasco * fiasco, const char * dir) { } } - free(name); - image_seek(image, 0); while ( 1 ) { size = image_read(image, buf, sizeof(buf)); @@ -522,7 +522,10 @@ int fiasco_unpack(struct fiasco * fiasco, const char * dir) { WRITE_OR_FAIL(name, fd, buf, size); } - close(fd); + free(name); + + if ( ! simulate ) + close(fd); if ( image->layout ) { @@ -534,11 +537,12 @@ int fiasco_unpack(struct fiasco * fiasco, const char * dir) { } } - free(layout_name); - WRITE_OR_FAIL(layout_name, fd, image->layout, (int)strlen(image->layout)); - close(fd); + free(layout_name); + + if ( ! simulate ) + close(fd); } -- cgit v1.2.3 From d6eba113578b653cd752018a2c509dbdd2eca1a6 Mon Sep 17 00:00:00 2001 From: Pali Rohár Date: Sun, 19 Oct 2014 18:26:47 +0200 Subject: fiasco: fiasco_alloc_from_file: check if hwrevs has enough size --- src/fiasco.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'src/fiasco.c') diff --git a/src/fiasco.c b/src/fiasco.c index 2d22747..0c404bc 100644 --- a/src/fiasco.c +++ b/src/fiasco.c 
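Review bot: The two `close(fd)` calls that "fiasco: Call free at correct place" moves under `if ( ! simulate )` (hunks `@@ -522` and `@@ -534` of fiasco_unpack) still discard the return value. A write error that is reported only at close time would therefore leave a short image or layout file behind while the unpack is reported as successful. Checking the result, for example `if ( ! simulate && close(fd) < 0 ) return -1;` preceded by an error message, would surface it; for the image file the check has to run before `free(name)` if the message is to name the file. fiasco_unpack starts and ends outside these hunks, so the cleanup needed on that new exit has to be checked against the full function.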
@@ -192,9 +192,12 @@ struct fiasco * fiasco_alloc_from_file(const char * file) { if ( ! hwrevs[0] ) strcpy(hwrevs, hwrev); else { - /* TODO: check if hwrevs has enough size */ - strcat(hwrevs, ","); - strcat(hwrevs, hwrev); + size_t len1 = strlen(hwrevs); + size_t len2 = strlen(hwrev); + if ( len1 + len2 + 2 < sizeof(hwrevs) ) { + hwrevs[len1] = ','; + memcpy(hwrevs+len1+1, hwrev, len2+1); + } } VERBOSE(" hw revision: %s\n", hwrev); pbuf += strlen(hwrev) + 1; -- cgit v1.2.3 From f0712d5b23073fcb7d73085132ef72748fa31ae8 Mon Sep 17 00:00:00 2001 From: Pali Rohár Date: Sun, 19 Oct 2014 20:23:21 +0200 Subject: all: Replace strlen() call on const string with sizeof()-1 --- src/fiasco.c | 2 +- src/local.c | 14 +++++++------- src/nolo.c | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) (limited to 'src/fiasco.c') diff --git a/src/fiasco.c b/src/fiasco.c index 0c404bc..74d089f 100644 --- a/src/fiasco.c +++ b/src/fiasco.c @@ -495,7 +495,7 @@ int fiasco_unpack(struct fiasco * fiasco, const char * dir) { if ( image->layout ) { - layout_name = calloc(1, strlen(name) + strlen(".layout") + 1); + layout_name = calloc(1, strlen(name) + sizeof(".layout")-1 + 1); if ( ! layout_name ) { free(name); ALLOC_ERROR_RETURN(-1); diff --git a/src/local.c b/src/local.c index 86d3b78..c7f3ad1 100644 --- a/src/local.c +++ b/src/local.c @@ -127,9 +127,9 @@ int local_init(void) { while ( fgets(buf, sizeof(buf), file) ) { - if ( strncmp(buf, "Hardware", strlen("Hardware")) == 0 ) { + if ( strncmp(buf, "Hardware", sizeof("Hardware")-1) == 0 ) { - ptr = buf + strlen("Hardware"); + ptr = buf + sizeof("Hardware")-1; while ( ptr < buf + sizeof(buf) && *ptr > 0 && *ptr <= 32 ) ++ptr; 
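Review bot: The bounds check added in the `else` branch of fiasco_alloc_from_file covers only the append path; the first-entry branch just above it still runs `strcpy(hwrevs, hwrev)` with no length test. Both buffers are declared outside the hunk, so whether that copy can overflow cannot be confirmed from here, but `hwrev` appears to be parsed from the input file and the same guard belongs on both branches, e.g. `if ( strlen(hwrev) < sizeof(hwrevs) ) strcpy(hwrevs, hwrev);`. When an appended revision does not fit it is dropped without any message; a warning there would tell the user that the list is incomplete. Note that `sizeof(hwrevs)` is the capacity only if `hwrevs` is an array and not a pointer.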
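Review bot: Style point for the whole "Replace strlen() call on const string with sizeof()-1" commit, starting at the fiasco.c `@@ -495` hunk and repeated in every local.c and nolo.c hunk: each call site spells the literal twice, once as the compared string and once inside `sizeof`, and nothing ties the two together, so editing one without the other silently changes the compared length. A helper that takes the literal once, such as `#define STARTS_WITH(s, lit) (strncmp((s), (lit), sizeof(lit) - 1) == 0)` (the name is only a suggestion), removes the duplication for the `strncmp` sites. It would also parenthesise the length, which expressions like `buf + sizeof("Hardware")-1` and `strlen(name) + sizeof(".layout")-1 + 1` currently leave for the reader to work out.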
@@ -328,7 +328,7 @@ int local_dump_image(enum image_type image, const char * file) { buf[0] = 0; close(fd); - if ( strncmp(buf, "internal", strlen("internal")) != 0 ) + if ( strncmp(buf, "internal", sizeof("internal")-1) != 0 ) continue; if ( snprintf(buf, sizeof(buf), "/sys/class/mmc_host/%s/%s:0001/", dirent->d_name, dirent->d_name) <= 0 ) @@ -340,7 +340,7 @@ int local_dump_image(enum image_type image, const char * file) { while ( ( dirent2 = readdir(dir2) ) ) { - if ( strncmp(dirent2->d_name, "block:mmcblk", strlen("block:mmcblk")) != 0 ) + if ( strncmp(dirent2->d_name, "block:mmcblk", sizeof("block:mmcblk")-1) != 0 ) continue; if ( snprintf(buf, sizeof(buf), "/sys/class/mmc_host/%s/%s:0001/%s/dev", dirent->d_name, dirent->d_name, dirent2->d_name) <= 0 ) @@ -540,7 +540,7 @@ int local_set_usb_host_mode(int enable) { int local_get_rd_mode(void) { - if ( strncmp(rd_mode, "master", strlen("master")) == 0 ) + if ( strncmp(rd_mode, "master", sizeof("master")-1) == 0 ) return 1; else return 0; @@ -559,8 +559,8 @@ int local_get_rd_flags(char * flags, size_t size) { const char * ptr; - if ( strncmp(rd_mode, "master", strlen("master")) == 0 ) - ptr = rd_mode + strlen("master"); + if ( strncmp(rd_mode, "master", sizeof("master")-1) == 0 ) + ptr = rd_mode + sizeof("master")-1; else ptr = rd_mode; diff --git a/src/nolo.c b/src/nolo.c index 9ba5a06..77d49e9 100644 --- a/src/nolo.c +++ b/src/nolo.c @@ -464,7 +464,7 @@ int nolo_flash_image(struct usb_device_info * dev, struct image * image) { if ( nolo_get_string(dev, "cmt:status", buf, sizeof(buf)) < 0 ) NOLO_ERROR_RETURN("cmt:status failed", -1); - if ( strncmp(buf, "idle", strlen("idle")) == 0 ) + if ( strncmp(buf, "idle", sizeof("idle")-1) == 0 ) state = 4; else printf("Erasing CMT...\n"); 
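Review bot: In local_dump_image (hunks `@@ -328` and `@@ -340`) the context lines test `snprintf(buf, sizeof(buf), ...) <= 0`, which catches an output error but not truncation, because snprintf returns the length it wanted to write. A path longer than `buf` would be cut short and, presumably, used by the code after the hunk as if it were complete. Comparing against the buffer size as well, `n <= 0 || (size_t)n >= sizeof(buf)` with `n` holding the return value, makes the path either whole or rejected. The size of `buf` is declared outside these hunks.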
@@ -476,7 +476,7 @@ int nolo_flash_image(struct usb_device_info * dev, struct image * image) { NOLO_ERROR_RETURN("cmt:status failed", -1); } - if ( strncmp(buf, "finished", strlen("finished")) == 0 ) { + if ( strncmp(buf, "finished", sizeof("finished")-1) == 0 ) { if ( state <= 0 ) { printf_progressbar(last_total, last_total); @@ -537,9 +537,9 @@ int nolo_boot_device(struct usb_device_info * dev, const char * cmdline) { int size = 0; int mode = NOLO_BOOT_MODE_NORMAL; - if ( cmdline && strncmp(cmdline, "update", strlen("update")) == 0 && cmdline[strlen("update")] <= 32 ) { + if ( cmdline && strncmp(cmdline, "update", sizeof("update")-1) == 0 && cmdline[sizeof("update")-1] <= 32 ) { mode = NOLO_BOOT_MODE_UPDATE; - cmdline += strlen("update"); + cmdline += sizeof("update")-1; if ( *cmdline ) ++cmdline; while ( *cmdline && *cmdline <= 32 ) ++cmdline; -- cgit v1.2.3 From 89566f559b6fba25de2f3c7a7064417e10ee81aa Mon Sep 17 00:00:00 2001 From: Pali Rohár Date: Tue, 18 Nov 2014 18:49:32 +0100 Subject: fiasco: Fix memory leaks --- src/fiasco.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) (limited to 'src/fiasco.c') diff --git a/src/fiasco.c b/src/fiasco.c index 74d089f..993b43d 100644 --- a/src/fiasco.c +++ b/src/fiasco.c @@ -413,6 +413,7 @@ int fiasco_write_to_file(struct fiasco * fiasco, const char * file) { WRITE_OR_FAIL(file, fd, "2", 1); /* 2 - device & hwrevs */ WRITE_OR_FAIL(file, fd, &device_hwrevs_bufs[i][0], 1); WRITE_OR_FAIL(file, fd, device_hwrevs_bufs[i]+1, ((uint8_t *)(device_hwrevs_bufs[i]))[0]); + /* FIXME: memory leak: device_hwrevs_bufs */ } free(device_hwrevs_bufs); @@ -513,6 +514,8 @@ int fiasco_unpack(struct fiasco * fiasco, const char * dir) { fd = open(name, O_RDWR|O_CREAT|O_TRUNC, 0644); if ( fd < 0 ) { ERROR_INFO("Cannot create output file %s", name); + free(name); + free(layout_name); return -1; } } 
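Review bot: In the nolo_boot_device hunk (`@@ -537`) the test `cmdline[sizeof("update")-1] <= 32` compares a plain `char`, so where `char` is signed any byte of 0x80 or above is negative and is accepted as a separator; the `*cmdline <= 32` skip loop below behaves the same way. local.c guards the equivalent comparison with `*ptr > 0`. Casting here, `(unsigned char)cmdline[sizeof("update")-1] <= 32`, gives the same result on every platform.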
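Review bot: The FIXME added in fiasco_write_to_file (`@@ -413`) records the leak but leaves it in place. If `WRITE_OR_FAIL` returns from the function on a failed write (the macro is defined outside this diff), all three calls in the loop skip the `free(device_hwrevs_bufs)` that follows it. The same commit replaces the macro in fiasco_unpack with an explicit `write()` check followed by cleanup, and doing the same here would let the FIXME go. Until then the comment would help more if it named the exit that leaks, e.g. `/* FIXME: WRITE_OR_FAIL returns without freeing device_hwrevs_bufs */` placed above the first call.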
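Review bot: The `free(layout_name)` added on the open-failure path of fiasco_unpack (`@@ -513`) is safe only if `layout_name` is NULL or still live at that point. As far as this page shows, at this commit the pointer is set to NULL once at its declaration and freed inside each loop iteration without being reset, so an image without a layout that follows one with a layout and then fails to open would free the stale pointer a second time. Resetting it, `layout_name = NULL;` right after the final `free(layout_name)` or at the top of the loop, removes that dependency.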
@@ -522,7 +525,15 @@ int fiasco_unpack(struct fiasco * fiasco, const char * dir) { size = image_read(image, buf, sizeof(buf)); if ( size == 0 ) break; - WRITE_OR_FAIL(name, fd, buf, size); + if ( ! simulate ) { + if ( write(fd, buf, size) != (ssize_t)size ) { + ERROR_INFO_STR(name, "Cannot write %d bytes", size); + close(fd); + free(name); + free(layout_name); + return -1; + } + } } free(name); @@ -538,9 +549,16 @@ int fiasco_unpack(struct fiasco * fiasco, const char * dir) { ERROR_INFO("Cannot create layout file %s", layout_name); return -1; } - } - WRITE_OR_FAIL(layout_name, fd, image->layout, (int)strlen(image->layout)); + size = strlen(image->layout); + + if ( write(fd, image->layout, size) != (ssize_t)size ) { + ERROR_INFO_STR(layout_name, "Cannot write %d bytes", size); + close(fd); + free(layout_name); + return -1; + } + } free(layout_name); -- cgit v1.2.3 From 142ef93ddc8fe78c136547f2d127502aacc633e4 Mon Sep 17 00:00:00 2001 From: Pali Rohár Date: Tue, 18 Nov 2014 20:14:23 +0100 Subject: fiasco: Fix initializing variables --- src/fiasco.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'src/fiasco.c') diff --git a/src/fiasco.c b/src/fiasco.c index 993b43d..06c8312 100644 --- a/src/fiasco.c +++ b/src/fiasco.c @@ -453,9 +453,9 @@ int fiasco_write_to_file(struct fiasco * fiasco, const char * file) { int fiasco_unpack(struct fiasco * fiasco, const char * dir) { - int fd = -1; - char * name = NULL; - char * layout_name = NULL; + int fd; + char * name; + char * layout_name; struct image * image; struct image_list * image_list; uint32_t size; @@ -484,6 +484,10 @@ int fiasco_unpack(struct fiasco * fiasco, const char * dir) { while ( image_list ) { + fd = -1; + name = NULL; + layout_name = NULL; + image = image_list->image; name = image_name_alloc_from_values(image); -- cgit v1.2.3 From e443393aa52ed662b594284d9d053299dace58fb Mon Sep 17 00:00:00 2001 
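Review bot: In the "Fix memory leaks" hunk `@@ -522`, `write(fd, buf, size)` trusts the `size` returned by `image_read()` without comparing it with `sizeof(buf)`. `size` is a `uint32_t`, so if `image_read()` can signal failure with a negative value (its contract is not shown here) the call would read far past the end of `buf`; a guard such as `if ( size > sizeof(buf) )` with the same cleanup before the write removes that dependency. The message prints `size` with `%d` although it is unsigned; `%u` with a cast to `unsigned`, or `PRIu32`, matches the type, and the same applies to the layout write in the `@@ -538` hunk. A short write is treated as failure rather than retried, which deserves a one-line comment so that it reads as deliberate.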
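Review bot: Style point on the "Fix initializing variables" hunks (`@@ -453` and `@@ -484`): resetting `fd`, `name` and `layout_name` at the top of the loop is what the cleanup paths need, but the declarations are now uninitialised at function scope, so any exit taken before the loop must not touch them. Declaring them inside the loop body with their initialisers, `int fd = -1; char * layout_name = NULL;`, expresses the per-image lifetime directly, provided nothing after the loop reads them; that part of fiasco_unpack is outside the hunk. The added `name = NULL;` is overwritten by `name = image_name_alloc_from_values(image);` before any use.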
From: Pali Rohár Date: Tue, 18 Nov 2014 20:31:16 +0100 Subject: fiasco: Fix possible memory leak --- src/fiasco.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/fiasco.c') diff --git a/src/fiasco.c b/src/fiasco.c index 06c8312..a2cd55a 100644 --- a/src/fiasco.c +++ b/src/fiasco.c @@ -551,6 +551,7 @@ int fiasco_unpack(struct fiasco * fiasco, const char * dir) { fd = open(layout_name, O_RDWR|O_CREAT|O_TRUNC, 0644); if ( fd < 0 ) { ERROR_INFO("Cannot create layout file %s", layout_name); + free(layout_name); return -1; } -- cgit v1.2.3
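Review bot: The `open(layout_name, O_RDWR|O_CREAT|O_TRUNC, 0644)` call above the added `free` follows symlinks and truncates whatever already exists at that path, and the hunks above use the same flags for the image file. How `name` and `layout_name` are built is outside this hunk; if any part comes from fields of the FIASCO file, rejecting `/` in it before the open is worth adding, and `O_NOFOLLOW` (or `O_EXCL` where overwriting is not wanted) limits what an unexpected path can touch. The visible code only writes to the descriptor, so `O_WRONLY` would be enough.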