bootstd: rauc: Free memory during error handling

While reading bootflow, memory was not released if an error occurred. Signed-off-by: Francois Berder <[email protected]> Acked-by: Martin Schwan <[email protected]> Tested-by: Martin Schwan <[email protected]>
author: Francois Berder <[email protected]> 2026-01-05 21:26:14 +0100
committer: Tom Rini <[email protected]> 2026-01-16 09:53:57 -0600
commit: 284855320282ccd3c6d0403e85c0e2ab8a566db1 (patch)
tree: c259cacf52fd19973ed22718b828a8a96bd3d851 /boot
parent: 7cb79f8d3d55aaadff5b131aaf29aa176828a57b (diff)
1 files changed, 40 insertions, 11 deletions
diff --git a/boot/bootmeth_rauc.c b/boot/bootmeth_rauc.c
index 833715e1395..432d170e006 100644
--- a/boot/bootmeth_rauc.c
+++ b/boot/bootmeth_rauc.c
@@ -139,12 +139,12 @@ static int distro_rauc_scan_parts(struct bootflow *bflow)
 
 static int distro_rauc_read_bootflow(struct udevice *dev, struct bootflow *bflow)
 {
-	struct distro_rauc_priv *priv;
-	int ret;
+	struct distro_rauc_priv *priv = NULL;
+	int ret = 0;
 	char *slot;
 	int i;
-	char *partitions;
-	char *boot_order;
+	char *partitions = NULL;
+	char *boot_order = NULL;
 	const char *default_boot_order;
 	const char **default_boot_order_list;
 	char *boot_order_copy;
@@ -176,10 +176,22 @@ static int distro_rauc_read_bootflow(struct udevice *dev, struct bootflow *bflow
 	if (!priv)
 		return log_msg_ret("buf", -ENOMEM);
 	priv->slots = calloc(1, sizeof(struct distro_rauc_slot));
+	if (!priv->slots) {
+		free(priv);
+		return log_msg_ret("buf", -ENOMEM);
+	}
 
 	/* Copy default boot_order, so we can leave the original unmodified */
 	boot_order_copy = strdup(default_boot_order);
+	if (!boot_order_copy) {
+		ret = log_msg_ret("buf", -ENOMEM);
+		goto rauc_read_bootflow_err;
+	}
 	partitions = strdup(CONFIG_BOOTMETH_RAUC_PARTITIONS);
+	if (!partitions) {
+		ret = log_msg_ret("buf", -ENOMEM);
+		goto rauc_read_bootflow_err;
+	}
 
 	for (i = 1;
 	     (parts = strsep(&partitions, " ")) &&
@@ -189,13 +201,26 @@ static int distro_rauc_read_bootflow(struct udevice *dev, struct bootflow *bflow
 		struct distro_rauc_slot **new_slots;
 
 		s = calloc(1, sizeof(struct distro_rauc_slot));
+		if (!s) {
+			ret = log_msg_ret("buf", -ENOMEM);
+			goto rauc_read_bootflow_err;
+		}
 		s->name = strdup(slot);
+		if (!s->name) {
+			free(s);
+			ret = log_msg_ret("buf", -ENOMEM);
+			goto rauc_read_bootflow_err;
+		}
 		s->boot_part = simple_strtoul(strsep(&parts, ","), NULL, 10);
 		s->root_part = simple_strtoul(strsep(&parts, ","), NULL, 10);
 		new_slots = realloc(priv->slots, (i + 1) *
 				    sizeof(struct distro_rauc_slot));
-		if (!new_slots)
-			return log_msg_ret("buf", -ENOMEM);
+		if (!new_slots) {
+			free(s->name);
+			free(s);
+			ret = log_msg_ret("buf", -ENOMEM);
+			goto rauc_read_bootflow_err;
+		}
 		priv->slots = new_slots;
 		priv->slots[i - 1] = s;
 		priv->slots[i] = NULL;
@@ -204,15 +229,19 @@ static int distro_rauc_read_bootflow(struct udevice *dev, struct bootflow *bflow
 	bflow->bootmeth_priv = priv;
 
 	ret = distro_rauc_scan_parts(bflow);
-	if (ret < 0) {
-		distro_rauc_priv_free(priv);
-		free(boot_order_copy);
-		return ret;
-	}
+	if (ret < 0)
+		goto rauc_read_bootflow_err;
 
 	bflow->state = BOOTFLOWST_READY;
 
 	return 0;
+
+rauc_read_bootflow_err:
+	distro_rauc_priv_free(priv);
+	free(boot_order_copy);
+	free(partitions);
+
+	return ret;
 }
 
 static int distro_rauc_read_file(struct udevice *dev, struct bootflow *bflow,
author	Francois Berder <[email protected]>	2026-01-05 21:26:14 +0100
committer	Tom Rini <[email protected]>	2026-01-16 09:53:57 -0600
commit	284855320282ccd3c6d0403e85c0e2ab8a566db1 (patch)
tree	c259cacf52fd19973ed22718b828a8a96bd3d851 /boot
parent	7cb79f8d3d55aaadff5b131aaf29aa176828a57b (diff)