diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index 321954a1547..b3824af475f 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -703,13 +703,51 @@ static int spl_simple_fit_read(struct spl_fit_info *ctx, */ size = get_aligned_image_size(info, size, 0); buf = board_spl_fit_buffer_addr(size, size, 1); + if (!buf) { + /* + * We assume that none of the board will ever use 0x0 as a + * valid load address. Theoretically some board could use it, + * but this is extremely unlikely. + */ + return -EIO; + } count = info->read(info, offset, size, buf); + if (!count) { + /* + * FIT could not be read. This means we should free the + * memory allocated by board_spl_fit_buffer_addr(). + * Unfortunately, we don't know what memory allocation + * mechanism was used: + * - For the SPL_SYS_MALLOC_SIMPLE case nothing could + * be done. The memory just could not be freed. + * - For statically allocated memory buffer we can try + * to reuse previously allocated memory (example: + * board_spl_fit_buffer_addr() function from the + * file test/image/spl_load.c). + * - For normall malloc() -- memory leak can't be easily + * avoided. To somehow reduce memory consumption the + * next calls of board_spl_fit_buffer_addr() could + * reallocate previously allocated buffer and use + * them again. This is somethat similar to the approach + * used for statically allocated buffer. + * + * Please note: + * - FIT images with data placed outside of the FIT + * structure will cause small memory leak (several + * kilobytes), + * - FIT images with data placed inside to the FIT + * structure may cause huge memory leak (up to + * several megabytes). Do NOT use such images! + */ + return -EIO; + } + ctx->fit = buf; debug("fit read offset %lx, size=%lu, dst=%p, count=%lu\n", offset, size, buf, count); - return (count == 0) ? -EIO : 0; + return 0; } static int spl_simple_fit_parse(struct spl_fit_info *ctx)