[PATCH] ubiformat: get buffer from malloc

Alexander Aring alex.aring at gmail.com
Mon Mar 25 11:34:08 EDT 2013


On Mon, Mar 25, 2013 at 04:32:15PM +0100, Alexander Aring wrote:
> Hi,
> 
> On Mon, Mar 25, 2013 at 04:15:57PM +0100, Jan Weitzel wrote:
> > There was a erase block sized (here 131072) char buf array on the stack.
> > Changed this to get the space from malloc preventing stack overflows.
> > Also fix a wrong return without clean up.
> > 
> > Signed-off-by: Jan Weitzel <j.weitzel at phytec.de>
> > ---
> >  commands/ubiformat.c |   22 +++++++++++++++-------
> >  1 files changed, 15 insertions(+), 7 deletions(-)
> > 
> > diff --git a/commands/ubiformat.c b/commands/ubiformat.c
> > index 47941be..121816f 100644
> > --- a/commands/ubiformat.c
> > +++ b/commands/ubiformat.c
> > @@ -296,13 +296,20 @@ static int mark_bad(const struct mtd_dev_info *mtd, struct ubi_scan_info *si, in
> >  static int flash_image(const struct mtd_dev_info *mtd,
> >  		       const struct ubigen_info *ui, struct ubi_scan_info *si)
> >  {
> > -	int fd, img_ebs, eb, written_ebs = 0, divisor;
> > +	int fd, img_ebs, eb, written_ebs = 0, divisor, ret = -1;
> >  	off_t st_size;
> > +	char *buf = NULL;
> >  
> >  	fd = open_file(&st_size);
> >  	if (fd < 0)
> >  		return fd;
> >  
> > +	buf = malloc(mtd->eb_size);
> > +	if (!buf) {
> > +		sys_errmsg("cannot allocate %d bytes of memory", mtd->eb_size);
> > +		goto out_close;
> 
> meep, out_close will call free(buf). You need to add a new label above
> free(buf);
> 

ah, free is null proofed sry.

Alex



More information about the barebox mailing list