colin/u-boot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tools: fix NULL_AFTER_DEREF in image-host.c

Browse Source 
Report of the static analyzer:
1. NULL_AFTER_DEREF Pointer 'str', which is dereferenced at
   image-host.c:688 by calling function 'strdup', is compared to a NULL
   value at image-host.c:691.
2. NULL_AFTER_DEREF Pointer 'list', which is dereferenced at
   image-host.c:689, is compared to a NULL value at image-host.c:691.

Corrections explained:
1. Checking for NULL before using pointers: The if (!list || !str) check
   is now performed before calling strdup and realloc, which prevents
   null pointer dereferences.
2. Checking the result of strdup: strdup can return NULL if memory
   allocation fails. This also needs to be checked.
3. Checking the result of realloc: If realloc returns NULL, then memory
   has not been allocated and dup must be freed to avoid memory leaks.

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
This commit is contained in:
Anton Moryakov
2025-01-30 16:42:43 +03:00
committed by Tom Rini
parent a9fdc7abf3
commit 25c03648e9
1 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
tools/image-host.c
View File

@@ -716,11 +716,20 @@ static int strlist_add(struct strlist *list, const char *str)
{
char *dup;
dup = strdup(str);
list->strings = realloc(list->strings,
(list->count + 1) * sizeof(char *));
if (!list || !str)
return -1;
dup = strdup(str);
if(!dup)
return -1;
list->strings = realloc(list->strings,
(list->count + 1) * sizeof(char *));
if (!list->strings) {
free(dup);
return -1;
}
list->strings[list->count++] = dup;
return 0;