authorColin Cross2016-02-01 13:15:30 -0600
committerColin Cross2016-02-01 13:19:26 -0600
commit1eb743ba8b63daf773ed4628504a3bb95ee2c156 (patch)
treea1d24c7c5a9bbfe53d716cfc02129b5f2c3e353c /libsparse
parenta9352202dd52a404199fbdca160d9d2d0992cf63 (diff)
Fix static analyzer issues caught by clang
system/core/libsparse/sparse_read.c:260:51: warning: Dereference of null pointer (loaded from variable 'crc_ptr') ret = process_crc32_chunk(fd, chunk_data_size, *crc_ptr); system/core/libsparse/sparse_read.c:404:9: warning: Potential leak of memory pointed to by 'buf' return 0; Fixes leak in sparse_file_read_normal, and null pointer dereference crash if an image with an obsolete CRC chunk was read with CRC checking disabled. Bug: 26904425 Change-Id: Ibc72cd37602929ae2c248bea1cdd1d22ea03baaf
Diffstat (limited to 'libsparse')
-rw-r--r--libsparse/sparse_read.c8
1 files changed, 5 insertions, 3 deletions
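diff --git a/libsparse/sparse_read.c b/libsparse/sparse_read.c
index ec63850d8..dbb4daba6 100644
--- a/libsparse/sparse_read.c
+++ b/libsparse/sparse_read.c
@@ -199,7 +199,7 @@ static int process_skip_chunk(struct sparse_file *s, unsigned int chunk_size,
 return 0;
 }
 
-static int process_crc32_chunk(int fd, unsigned int chunk_size, uint32_t crc32)
+static int process_crc32_chunk(int fd, unsigned int chunk_size, uint32_t *crc32)
 {
 uint32_t file_crc32;
 int ret;
@@ -213,7 +213,7 @@ static int process_crc32_chunk(int fd, unsigned int chunk_size, uint32_t crc32)
 return ret;
 }
 
-if (file_crc32 != crc32) {
+if (crc32 != NULL && file_crc32 != *crc32) {
 return -EINVAL;
 }
 
@@ -257,7 +257,7 @@ static int process_chunk(struct sparse_file *s, int fd, off64_t offset,
 }
 return chunk_header->chunk_sz;
 case CHUNK_TYPE_CRC32:
-ret = process_crc32_chunk(fd, chunk_data_size, *crc_ptr);
+ret = process_crc32_chunk(fd, chunk_data_size, crc_ptr);
 if (ret < 0) {
 verbose_error(s->verbose, -EINVAL, "crc block at %" PRId64,
 offset);
@@ -374,6 +374,7 @@ static int sparse_file_read_normal(struct sparse_file *s, int fd)
 ret = read_all(fd, buf, to_read);
 if (ret < 0) {
 error("failed to read sparse file");
+free(buf);
 return ret;
 }
 
@@ -401,6 +402,7 @@ static int sparse_file_read_normal(struct sparse_file *s, int fd)
 block++;
 }
 
+free(buf);
 return 0;
 }
 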
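Review bot: The new `uint32_t *crc32` parameter of process_crc32_chunk has an undocumented contract: at new line 216 a NULL pointer makes the function skip the comparison and accept the chunk, so a caller that passes NULL by mistake silently loses the integrity check. According to the commit message NULL corresponds to CRC checking being disabled; I would state that above the function, e.g. `/* crc32: running CRC to compare against, or NULL when CRC checking is disabled (the chunk is then not verified). */`. The body between new lines 205 and 213 lies outside the hunks, so whether the stored CRC is still consumed from fd in the NULL case is presumed rather than visible here. If nothing in the unseen part writes through the pointer, declaring it `const uint32_t *crc32` would also make the read-only intent explicit.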