flash/nor/cfi: fix uninitialized write-mem pointer

In flash/nor/cfi.c:835 struct cfi_info is allocated by malloc(). As
write-mem was uninitialized the pointer pointed to an out of range
address, which led to a segmentation fault and crashed openocd.
This happened during flash-command of an external flash-bank, using
cfi.
Use calloc() instead.
While on it check for NULL return and remove unnecessary initialzation.

Change-Id: I0e2ffb90559afe7f090837023428dcc06b2e29f6
Signed-off-by: Mischa Studer <mischa.studer@csa.ch>
Reviewed-on: http://openocd.zylin.com/6070
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>

diff --git a/src/flash/nor/cfi.c b/src/flash/nor/cfi.c
index 5f5071e6966fd46008fe18deba2ac7db4d86ab35..c9eb38b9b5e1172b526009508411453cbd7a9b5d 100644 (file)
--- a/src/flash/nor/cfi.c
+++ b/src/flash/nor/cfi.c
@@ -832,17 +832,13 @@ int cfi_flash_bank_cmd(struct flash_bank *bank, unsigned int argc, const char **
                return ERROR_FLASH_BANK_INVALID;
        }
 
-       cfi_info = malloc(sizeof(struct cfi_flash_bank));
-       cfi_info->probed = false;
-       cfi_info->erase_region_info = NULL;
-       cfi_info->pri_ext = NULL;
+       cfi_info = calloc(1, sizeof(struct cfi_flash_bank));
+       if (cfi_info == NULL) {
+               LOG_ERROR("No memory for flash bank info");
+               return ERROR_FAIL;
+       }
        bank->driver_priv = cfi_info;
 
-       cfi_info->x16_as_x8 = false;
-       cfi_info->jedec_probe = false;
-       cfi_info->not_cfi = false;
-       cfi_info->data_swap = false;
-
        for (unsigned i = 6; i < argc; i++) {
                if (strcmp(argv[i], "x16_as_x8") == 0)
                        cfi_info->x16_as_x8 = true;