tools: fwumdata: Fix use-after-free in parse_config()

In parse_config(), devname is dynamically allocated by sscanf().
When sscanf() fails to fill enough fields (rc < 3), devname is freed and
the loop continues to the next line. However, if the next call to sscanf()
fails to match (rc == 0), devname is not written and still holds the stale
freed pointer. The subsequent free(devname) then operates on
already-freed memory.

Fix this by resetting devname to NULL before each sscanf() call, so
that a non-matching call leaves a NULL pointer and the subsequent
free() becomes a harmless no-op.

Reported-by: Coverity Scan
Link: https://lists.denx.de/pipermail/u-boot/2026-April/614161.html
Signed-off-by: Kory Maincent <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>

0 files changed, 0 insertions, 0 deletions