diff options
author | Antonio Borneo <borneo.antonio@gmail.com> | 2010-05-26 10:04:03 +0800 |
---|---|---|
committer | Spencer Oliver <ntfreak@users.sourceforge.net> | 2010-05-26 11:01:07 +0100 |
commit | ef72484b785ec7462a0415afea679d08b864c7fb (patch) | |
tree | 4a525980ad9caec4a2326d55410630f5b504d9a5 | |
parent | f1c1bed39a29ae7eca2a43bccdf8feab1033e35d (diff) | |
download | openocd_libswd-ef72484b785ec7462a0415afea679d08b864c7fb.tar.gz openocd_libswd-ef72484b785ec7462a0415afea679d08b864c7fb.tar.bz2 openocd_libswd-ef72484b785ec7462a0415afea679d08b864c7fb.tar.xz openocd_libswd-ef72484b785ec7462a0415afea679d08b864c7fb.zip |
NOR/CFI: fix memory leak; check malloc return value
Every time command "flash probe #" is executed, memory
structures are re-allocated without preventive free()
of former areas, causing memory leak.
Also, memory allocation does not check return value,
determining segmentation fault in case of out of memory.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
-rw-r--r-- | src/flash/nor/cfi.c | 51 |
1 files changed, 48 insertions, 3 deletions
diff --git a/src/flash/nor/cfi.c b/src/flash/nor/cfi.c index b19b9458..8c1aacad 100644 --- a/src/flash/nor/cfi.c +++ b/src/flash/nor/cfi.c @@ -355,8 +355,17 @@ static int cfi_read_intel_pri_ext(struct flash_bank *bank) { int retval; struct cfi_flash_bank *cfi_info = bank->driver_priv; - struct cfi_intel_pri_ext *pri_ext = malloc(sizeof(struct cfi_intel_pri_ext)); + struct cfi_intel_pri_ext *pri_ext; + if (cfi_info->pri_ext) + free(cfi_info->pri_ext); + + pri_ext = malloc(sizeof(struct cfi_intel_pri_ext)); + if (pri_ext == NULL) + { + LOG_ERROR("Out of memory"); + return ERROR_FAIL; + } cfi_info->pri_ext = pri_ext; pri_ext->pri[0] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0); @@ -413,8 +422,17 @@ static int cfi_read_spansion_pri_ext(struct flash_bank *bank) { int retval; struct cfi_flash_bank *cfi_info = bank->driver_priv; - struct cfi_spansion_pri_ext *pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext)); + struct cfi_spansion_pri_ext *pri_ext; + if (cfi_info->pri_ext) + free(cfi_info->pri_ext); + + pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext)); + if (pri_ext == NULL) + { + LOG_ERROR("Out of memory"); + return ERROR_FAIL; + } cfi_info->pri_ext = pri_ext; pri_ext->pri[0] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0); @@ -476,7 +494,17 @@ static int cfi_read_atmel_pri_ext(struct flash_bank *bank) int retval; struct cfi_atmel_pri_ext atmel_pri_ext; struct cfi_flash_bank *cfi_info = bank->driver_priv; - struct cfi_spansion_pri_ext *pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext)); + struct cfi_spansion_pri_ext *pri_ext; + + if (cfi_info->pri_ext) + free(cfi_info->pri_ext); + + pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext)); + if (pri_ext == NULL) + { + LOG_ERROR("Out of memory"); + return ERROR_FAIL; + } /* ATMEL devices use the same CFI primary command set (0x2) as AMD/Spansion, * but a different primary extended query table. @@ -644,6 +672,8 @@ FLASH_BANK_COMMAND_HANDLER(cfi_flash_bank_command) cfi_info = malloc(sizeof(struct cfi_flash_bank)); cfi_info->probed = 0; + cfi_info->erase_region_info = 0; + cfi_info->pri_ext = NULL; bank->driver_priv = cfi_info; cfi_info->write_algorithm = NULL; @@ -1426,6 +1456,11 @@ static int cfi_spansion_write_block(struct flash_bank *bank, uint8_t *buffer, ui /* convert bus-width dependent algorithm code to correct endiannes */ target_code = malloc(target_code_size); + if (target_code == NULL) + { + LOG_ERROR("Out of memory"); + return ERROR_FAIL; + } cfi_fix_code_endian(target, target_code, target_code_src, target_code_size / 4); /* allocate working area */ @@ -2099,6 +2134,16 @@ static int cfi_probe(struct flash_bank *bank) } cfi_info->probed = 0; + if (bank->sectors) + { + free(bank->sectors); + bank->sectors = NULL; + } + if(cfi_info->erase_region_info) + { + free(cfi_info->erase_region_info); + cfi_info->erase_region_info = NULL; + } /* JEDEC standard JESD21C uses 0x5555 and 0x2aaa as unlock addresses, * while CFI compatible AMD/Spansion flashes use 0x555 and 0x2aa |