erasure_layout.c: Test erasefn_count before using it to allocate memory

In erasure_layout.c:create_erase_layout() the layout will be allocated based on erasefn_count, But calling calloc with 0 is unspecified behavior. Also it is not freed when erasefn_count is 0. So test first if erasefn_count is 0, and only when not allocate the memory for *layout. Reported by Coverty Scan: *** CID 1505171: Resource leaks (RESOURCE_LEAK) /erasure_layout.c: 105 in create_erase_layout() 98 if(!layout) { 99 msg_gerr("Out of memory!\n"); 100 return -1; 101 } 102 103 if (!erasefn_count) { 104 msg_gerr("No erase functions supported\n"); >>> CID 1505171: Resource leaks (RESOURCE_LEAK) >>> Variable "layout" going out of scope leaks the storage it points to. 105 return 0; 106 } Change-Id: If13b050ac8525fee44d3f3bf74a9c9b6a8d38399 Signed-off-by: Thomas Heijligen <[email protected]> Reviewed-on: https://review.coreboot.org/c/flashrom/+/73041 Tested-by: build bot (Jenkins) <[email protected]> Reviewed-by: Anastasia Klimchuk <[email protected]>
therealdreg · Feb 23, 2023 · 3b16ce0 · 3b16ce0
1 parent dddf948
commit 3b16ce0
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/erasure_layout.c b/erasure_layout.c
@@ -93,18 +93,17 @@ int create_erase_layout(struct flashctx *const flashctx, struct erase_layout **e
 {
  const struct flashchip *chip = flashctx->chip;
  const size_t erasefn_count = count_usable_erasers(flashctx);
- struct erase_layout *layout = calloc(erasefn_count, sizeof(struct erase_layout));
+ if (!erasefn_count) {
+ msg_gerr("No erase functions supported\n");
+ return 0;
+ }
 
+ struct erase_layout *layout = calloc(erasefn_count, sizeof(struct erase_layout));
  if (!layout) {
  msg_gerr("Out of memory!\n");
  return -1;
  }
 
- if (!erasefn_count) {
- msg_gerr("No erase functions supported\n");
- return 0;
- }
-
  size_t layout_idx = 0;
  for (size_t eraser_idx = 0; eraser_idx < NUM_ERASEFUNCTIONS; eraser_idx++) {
  if (check_block_eraser(flashctx, eraser_idx, 0))