This fixes a possible NULL pointer dereference. There is also a risk of a memory leak within the same portion of code. The leak will happen if the loaded image is bad or damaged. In this case u-boot-spl will try booting from the other available media. Unfortunately, resources allocated for the previous boot media will NOT be freed.
We can't fix that issue as the memory allocation mechanism used here is unknown. It can be different kinds of malloc() or something else. To somewhat reduce memory consumption, one can try to reuse previously allocated memory as it's done in board_spl_fit_buffer_addr() from test/image/spl_load.c. The corresponding comment was put to the code as well. Signed-off-by: Mikhail Kshevetskiy <[email protected]> --- common/spl/spl_fit.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index 783bb84bdb5..438d1ecf124 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -703,13 +703,29 @@ static int spl_simple_fit_read(struct spl_fit_info *ctx, */ size = get_aligned_image_size(info, size, 0); buf = board_spl_fit_buffer_addr(size, size, 1); + if (!buf) + return -EIO; count = info->read(info, offset, size, buf); + if (!count) { + /* + * The memory allocated by board_spl_fit_buffer_addr() + * should be freed. Unfortunately, we don't know what + * memory allocation mechanism was used, so we'll hope + * for the best and leave it as is. + * + * To somewhat reduce memory consumption, one can try + * to reuse previously allocated memory as it's done in + * board_spl_fit_buffer_addr() from test/image/spl_load.c + */ + return -EIO; + } + ctx->fit = buf; debug("fit read offset %lx, size=%lu, dst=%p, count=%lu\n", offset, size, buf, count); - return (count == 0) ? -EIO : 0; + return 0; } static int spl_simple_fit_parse(struct spl_fit_info *ctx) -- 2.47.2
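Review bot: in spl_simple_fit_read() the new `if (!buf)` branch returns -EIO, the same code as the `if (!count)` read failure just below it, so a caller cannot tell a failed buffer allocation from a media read error; -ENOMEM would describe the first case more accurately. Separately, with the early return inside `if (!count)` the debug("fit read offset ...") line is no longer reached when the read fails, which is the case where offset, size and dst are most useful to see; consider moving the debug() call above the count check or adding a short debug() in the error branch. The early return also means ctx->fit is no longer assigned on a failed read, which looks intended but is worth stating in the commit message since it changes what the caller sees after an error.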

