
On 1 May 2018 at 10:32, Tom Rini <trini@konsulko.com> wrote:
> In do_bootm_states when doing BOOTM_STATE_LOADOS we use load_end
> uninitialized and Coverity notes this now. This however leads down
> another interesting path. We pass this pointer to bootm_load_os and
> that in turn uses this uninitialized value immediately to calculate the
> flush length, and is wrong. We do not know what load_end will be until
> after bootm_decomp_image is called, so we must only set flush_len after
> that.
>
> All of this also makes it clear that the only reason we pass a pointer
> for load_end to bootm_load_os is so that we can call lmb_reserve on
> success. Rather than initialize load_end to 0 in do_bootm_states we can
> just call lmb_reserve ourself.
>
> Reported-by: Coverity (CID: 175572)
> Cc: Simon Glass <sjg@chromium.org>
> Signed-off-by: Tom Rini <trini@konsulko.com>
> ---
>  common/bootm.c | 26 ++++++++++++--------------
>  1 file changed, 12 insertions(+), 14 deletions(-)
Looks better to me.
Reviewed-by: Simon Glass <sjg@chromium.org>