From 3c296bd19480033037f4e3f2db4a876a34a41f58 Mon Sep 17 00:00:00 2001 From: Tomas Vanek Date: Fri, 13 Mar 2020 15:34:47 +0100 Subject: [PATCH] jtag/drivers/ulink: fix clang static analyzer warnings scan-build-9: Description: Potential leak of memory pointed to by 'cmd' File: /home/vanekt/openocd/scanbuild9/../src/jtag/drivers/ulink.c Line: 1075 Description: Potential leak of memory pointed to by 'cmd' File: /home/vanekt/openocd/scanbuild9/../src/jtag/drivers/ulink.c Line: 1275 ulink_append_xxx_cmd() functions allocate memory for cmd and then call ulink_allocate_payload(), which allocates cmd->payload_out or cmd->payload_in. ulink_append_queue() checks the size of queue and if the new payload does not fit, calls ulink_execute_queued_commands() and then ulink_post_process_queue(). If any of these two fails, an error is returned, allocated cmd struct leaks and the queue is left in an undefined state. Change ulink_append_queue() flow to proceed to appending cmd to the queue even in the case of fail in previous ulink_execute_queued_commands() or ulink_post_process_queue(). In case of fail then clear the queue including the last appended cmd. Change-Id: I967c07af19e9020c93bcb4ef403cf1f557dd1db1 Signed-off-by: Tomas Vanek Reviewed-on: http://openocd.zylin.com/5370 Tested-by: jenkins Reviewed-by: Oleksij Rempel --- src/jtag/drivers/ulink.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/src/jtag/drivers/ulink.c b/src/jtag/drivers/ulink.c index 4066d61091..c6683abda2 100644 --- a/src/jtag/drivers/ulink.c +++ b/src/jtag/drivers/ulink.c @@ -650,7 +650,7 @@ void ulink_clear_queue(struct ulink *device) int ulink_append_queue(struct ulink *device, struct ulink_cmd *ulink_cmd) { int newsize_out, newsize_in; - int ret; + int ret = ERROR_OK; newsize_out = ulink_get_queue_size(device, PAYLOAD_DIRECTION_OUT) + 1 + ulink_cmd->payload_out_size; @@ -663,14 +663,12 @@ int ulink_append_queue(struct ulink *device, struct ulink_cmd *ulink_cmd) /* New command does not fit. Execute all commands in queue before starting * new queue with the current command as first entry. */ ret = ulink_execute_queued_commands(device, USB_TIMEOUT); - if (ret != ERROR_OK) - return ret; - ret = ulink_post_process_queue(device); - if (ret != ERROR_OK) - return ret; + if (ret == ERROR_OK) + ret = ulink_post_process_queue(device); - ulink_clear_queue(device); + if (ret == ERROR_OK) + ulink_clear_queue(device); } if (device->queue_start == NULL) { @@ -687,7 +685,10 @@ int ulink_append_queue(struct ulink *device, struct ulink_cmd *ulink_cmd) device->queue_end = ulink_cmd; } - return ERROR_OK; + if (ret != ERROR_OK) + ulink_clear_queue(device); + + return ret; } /** -- 2.30.2