From b5889776339eb1a3106cc4639b43d9c58b573ec6 Mon Sep 17 00:00:00 2001 From: Mischa Studer Date: Wed, 24 Feb 2021 13:24:51 +0100 Subject: [PATCH] flash/nor/cfi: fix uninitialized write-mem pointer In flash/nor/cfi.c:835 struct cfi_info is allocated by malloc(). As write-mem was uninitialized the pointer pointed to an out of range address, which led to a segmentation fault and crashed openocd. This happened during flash-command of an external flash-bank, using cfi. Use calloc() instead. While on it check for NULL return and remove unnecessary initialzation. Change-Id: I0e2ffb90559afe7f090837023428dcc06b2e29f6 Signed-off-by: Mischa Studer Reviewed-on: http://openocd.zylin.com/6070 Tested-by: jenkins Reviewed-by: Tomas Vanek --- src/flash/nor/cfi.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/src/flash/nor/cfi.c b/src/flash/nor/cfi.c index 5f5071e696..c9eb38b9b5 100644 --- a/src/flash/nor/cfi.c +++ b/src/flash/nor/cfi.c @@ -832,17 +832,13 @@ int cfi_flash_bank_cmd(struct flash_bank *bank, unsigned int argc, const char ** return ERROR_FLASH_BANK_INVALID; } - cfi_info = malloc(sizeof(struct cfi_flash_bank)); - cfi_info->probed = false; - cfi_info->erase_region_info = NULL; - cfi_info->pri_ext = NULL; + cfi_info = calloc(1, sizeof(struct cfi_flash_bank)); + if (cfi_info == NULL) { + LOG_ERROR("No memory for flash bank info"); + return ERROR_FAIL; + } bank->driver_priv = cfi_info; - cfi_info->x16_as_x8 = false; - cfi_info->jedec_probe = false; - cfi_info->not_cfi = false; - cfi_info->data_swap = false; - for (unsigned i = 6; i < argc; i++) { if (strcmp(argv[i], "x16_as_x8") == 0) cfi_info->x16_as_x8 = true; -- 2.30.2