[Pdbg] [PATCH] libpdbg/host: Actually check the return value of open() in host_pib_probe()

Cyril Bur cyrilbur at gmail.com
Thu Feb 22 16:24:18 AEDT 2018


host_pib_probe() will allocate memory for its private bookkeeping and
then store a file descriptor that it open()s. The check that open()
succeeded looks at the pointer where the file descriptor was put, not
the actual value of it.

Looks like pointers never evaluate to being less than zero - which is
handy but has also meant this bug won't be found easily.

While at it, fix the leak of the private storage if open() does fail.

Signed-off-by: Cyril Bur <cyrilbur at gmail.com>
---
 libpdbg/host.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/libpdbg/host.c b/libpdbg/host.c
index 5692d73..0c5e07b 100644
--- a/libpdbg/host.c
+++ b/libpdbg/host.c
@@ -92,19 +92,20 @@ static int host_pib_probe(struct pdbg_target *target)
 		return -1;
 
 	chip_id = dt_prop_get_u32(target->dn, "chip-id");
-	if (asprintf(&access_fn, "%s/%08d/access", XSCOM_BASE_PATH, chip_id) < 0) {
-		free(fd);
-		return -1;
-	}
+	if (asprintf(&access_fn, "%s/%08d/access", XSCOM_BASE_PATH, chip_id) < 0)
+		goto out;
 
 	*fd = open(access_fn, O_RDWR);
 	free(access_fn);
-	if (fd < 0)
-		return -1;
+	if (*fd < 0)
+		goto out;
 
 	pib->priv = fd;
 
 	return 0;
+out:
+	free(fd);
+	return -1;
 }
 
 struct pib host_pib = {
-- 
2.16.2



More information about the Pdbg mailing list