summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorAntonio Borneo <borneo.antonio@gmail.com>2010-05-26 10:04:03 +0800
committerSpencer Oliver <ntfreak@users.sourceforge.net>2010-05-26 11:01:07 +0100
commitef72484b785ec7462a0415afea679d08b864c7fb (patch)
tree4a525980ad9caec4a2326d55410630f5b504d9a5 /src
parentf1c1bed39a29ae7eca2a43bccdf8feab1033e35d (diff)
downloadopenocd_libswd-ef72484b785ec7462a0415afea679d08b864c7fb.tar.gz
openocd_libswd-ef72484b785ec7462a0415afea679d08b864c7fb.tar.bz2
openocd_libswd-ef72484b785ec7462a0415afea679d08b864c7fb.tar.xz
openocd_libswd-ef72484b785ec7462a0415afea679d08b864c7fb.zip
NOR/CFI: fix memory leak; check malloc return value
Every time command "flash probe #" is executed, memory structures are re-allocated without preventive free() of former areas, causing memory leak. Also, memory allocation does not check return value, determining segmentation fault in case of out of memory. Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com> Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
Diffstat (limited to 'src')
-rw-r--r--src/flash/nor/cfi.c51
1 files changed, 48 insertions, 3 deletions
diff --git a/src/flash/nor/cfi.c b/src/flash/nor/cfi.c
index b19b9458..8c1aacad 100644
--- a/src/flash/nor/cfi.c
+++ b/src/flash/nor/cfi.c
@@ -355,8 +355,17 @@ static int cfi_read_intel_pri_ext(struct flash_bank *bank)
{
int retval;
struct cfi_flash_bank *cfi_info = bank->driver_priv;
- struct cfi_intel_pri_ext *pri_ext = malloc(sizeof(struct cfi_intel_pri_ext));
+ struct cfi_intel_pri_ext *pri_ext;
+ if (cfi_info->pri_ext)
+ free(cfi_info->pri_ext);
+
+ pri_ext = malloc(sizeof(struct cfi_intel_pri_ext));
+ if (pri_ext == NULL)
+ {
+ LOG_ERROR("Out of memory");
+ return ERROR_FAIL;
+ }
cfi_info->pri_ext = pri_ext;
pri_ext->pri[0] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0);
@@ -413,8 +422,17 @@ static int cfi_read_spansion_pri_ext(struct flash_bank *bank)
{
int retval;
struct cfi_flash_bank *cfi_info = bank->driver_priv;
- struct cfi_spansion_pri_ext *pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext));
+ struct cfi_spansion_pri_ext *pri_ext;
+ if (cfi_info->pri_ext)
+ free(cfi_info->pri_ext);
+
+ pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext));
+ if (pri_ext == NULL)
+ {
+ LOG_ERROR("Out of memory");
+ return ERROR_FAIL;
+ }
cfi_info->pri_ext = pri_ext;
pri_ext->pri[0] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0);
@@ -476,7 +494,17 @@ static int cfi_read_atmel_pri_ext(struct flash_bank *bank)
int retval;
struct cfi_atmel_pri_ext atmel_pri_ext;
struct cfi_flash_bank *cfi_info = bank->driver_priv;
- struct cfi_spansion_pri_ext *pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext));
+ struct cfi_spansion_pri_ext *pri_ext;
+
+ if (cfi_info->pri_ext)
+ free(cfi_info->pri_ext);
+
+ pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext));
+ if (pri_ext == NULL)
+ {
+ LOG_ERROR("Out of memory");
+ return ERROR_FAIL;
+ }
/* ATMEL devices use the same CFI primary command set (0x2) as AMD/Spansion,
* but a different primary extended query table.
@@ -644,6 +672,8 @@ FLASH_BANK_COMMAND_HANDLER(cfi_flash_bank_command)
cfi_info = malloc(sizeof(struct cfi_flash_bank));
cfi_info->probed = 0;
+ cfi_info->erase_region_info = 0;
+ cfi_info->pri_ext = NULL;
bank->driver_priv = cfi_info;
cfi_info->write_algorithm = NULL;
@@ -1426,6 +1456,11 @@ static int cfi_spansion_write_block(struct flash_bank *bank, uint8_t *buffer, ui
/* convert bus-width dependent algorithm code to correct endiannes */
target_code = malloc(target_code_size);
+ if (target_code == NULL)
+ {
+ LOG_ERROR("Out of memory");
+ return ERROR_FAIL;
+ }
cfi_fix_code_endian(target, target_code, target_code_src, target_code_size / 4);
/* allocate working area */
@@ -2099,6 +2134,16 @@ static int cfi_probe(struct flash_bank *bank)
}
cfi_info->probed = 0;
+ if (bank->sectors)
+ {
+ free(bank->sectors);
+ bank->sectors = NULL;
+ }
+ if(cfi_info->erase_region_info)
+ {
+ free(cfi_info->erase_region_info);
+ cfi_info->erase_region_info = NULL;
+ }
/* JEDEC standard JESD21C uses 0x5555 and 0x2aaa as unlock addresses,
* while CFI compatible AMD/Spansion flashes use 0x555 and 0x2aa