[U-Boot-Users] malloc with no return check?

I noticed the au1xxx ethernet driver has a malloc where the return value isn't checked. I did some more looking while waiting for a slow flash programmer and at least these files seem to do the same thing:
./drivers/ns8382x.c ./drivers/bcm570x.c ./drivers/rtl8139.c ./drivers/eepro100.c ./drivers/dc2114x.c ./drivers/e1000.c ./drivers/sk98lin/skge.c ./drivers/cfb_console.c ./drivers/natsemi.c ./drivers/inca-ip_sw.c ./drivers/rtl8169.c ./drivers/pcnet.c ./cpu/mips/au1x00_eth.c ./cpu/ppc4xx/serial.c ./cpu/ppc4xx/405gp_enet.c ./cpu/ppc4xx/440gx_enet.c ./cpu/i386/serial.c ./cpu/mpc8xx/scc.c ./common/hush.c ./cpu/mpc8xx/spi.c ?maybe ./cpu/mpc8260/spi.c ?maybe ./cpu/mpc85xx/ether_fcc.c ./cpu/mpc8260/ether_fcc.c ./cpu/mpc5xxx/fec.c ./cpu/mpc8220/fec.c ./tools/easylogo/easylogo.c
I didn't look under the board directory or check all varieties of alloc :-) I will submit patches for the mips stuff hopefully next week.

Andrew Dyer wrote:
I noticed the au1xxx ethernet driver has a malloc where the return value isn't checked. I did some more looking while waiting for a slow flash programmer and at least these files seem to do the same thing:
./cpu/ppc4xx/440gx_enet.c
Here's a patch to fix 440gx_enet.c
CHANGELOG Patch by Travis B. Sawyer, 18 July 2005 Check return value of malloc in 440gx_enet.c
Best regards,
Travis
--- u-boot_patched/cpu/ppc4xx/440gx_enet.c 2005-07-13 11:30:40.000000000 -0400 +++ u-boot/cpu/ppc4xx/440gx_enet.c 2005-07-18 22:13:03.000000000 -0400 @@ -267,7 +267,7 @@ int ppc_440x_eth_setup_bridge(int devnum
static int ppc_440x_eth_init (struct eth_device *dev, bd_t * bis) { - int i; + int i, j; unsigned long reg; unsigned long msr; unsigned long speed; @@ -566,6 +566,8 @@ static int ppc_440x_eth_init (struct eth hw_p->alloc_tx_buf = (mal_desc_t *) malloc ((sizeof (mal_desc_t) * NUM_TX_BUFF) + ((2 * CFG_CACHELINE_SIZE) - 2)); + if (NULL == hw_p->alloc_tx_buf) + return -1; if (((int) hw_p->alloc_tx_buf & CACHELINE_MASK) != 0) { hw_p->tx = (mal_desc_t *) ((int) hw_p->alloc_tx_buf + @@ -579,6 +581,12 @@ static int ppc_440x_eth_init (struct eth hw_p->alloc_rx_buf = (mal_desc_t *) malloc ((sizeof (mal_desc_t) * NUM_RX_BUFF) + ((2 * CFG_CACHELINE_SIZE) - 2)); + if (NULL == hw_p->alloc_rx_buf) { + free(hw_p->alloc_tx_buf); + hw_p->alloc_tx_buf = NULL; + return -1; + } + if (((int) hw_p->alloc_rx_buf & CACHELINE_MASK) != 0) { hw_p->rx = (mal_desc_t *) ((int) hw_p->alloc_rx_buf + @@ -592,9 +600,20 @@ static int ppc_440x_eth_init (struct eth for (i = 0; i < NUM_TX_BUFF; i++) { hw_p->tx[i].ctrl = 0; hw_p->tx[i].data_len = 0; - if (hw_p->first_init == 0) + if (hw_p->first_init == 0) { hw_p->txbuf_ptr = (char *) malloc (ENET_MAX_MTU_ALIGNED); + if (NULL == hw_p->txbuf_ptr) { + free(hw_p->alloc_rx_buf); + free(hw_p->alloc_tx_buf); + hw_p->alloc_rx_buf = NULL; + hw_p->alloc_tx_buf = NULL; + for(j = 0; j < i; j++) { + free(hw_p->tx[i].data_ptr); + hw_p->tx[i].data_ptr = NULL; + } + } + } hw_p->tx[i].data_ptr = hw_p->txbuf_ptr; if ((NUM_TX_BUFF - 1) == i) hw_p->tx[i].ctrl |= MAL_TX_CTRL_WRAP;

In message 42DC63EF.2020507@sandburst.com you wrote:
Patch by Travis B. Sawyer, 18 July 2005 Check return value of malloc in 440gx_enet.c
Added, thanks.
Best regards,
Wolfgang Denk

On 7/18/05, Andrew Dyer amdyer@gmail.com wrote:
I noticed the au1xxx ethernet driver has a malloc where the return value isn't checked. I did some more looking while waiting for a slow flash programmer and at least these files seem to do the same thing:
here's a patch for the au1x00_eth.c. I have a lot of other local changes to this file (mii support), so I hope my editing the patch won't make it not apply...
ChangeLog au1x00_eth.c: check malloc return value and abort if it failed

In message c166aa9f050726115354e26978@mail.gmail.com you wrote:
ChangeLog au1x00_eth.c: check malloc return value and abort if it failed
Applied, thanks. But please stick to the Coding Style (indentation!).
Best regards,
Wolfgang Denk
participants (3)
-
Andrew Dyer
-
Travis B. Sawyer
-
Wolfgang Denk