Catch various cases in libpayload where malloc() or memalign() return NULL

author Stefan Reinauer <stepan@coresystems.de>

Fri, 31 Jul 2009 11:39:55 +0000 (11:39 +0000)

committer Stefan Reinauer <stepan@openbios.org>

Fri, 31 Jul 2009 11:39:55 +0000 (11:39 +0000)
author Stefan Reinauer <stepan@coresystems.de>
Fri, 31 Jul 2009 11:39:55 +0000 (11:39 +0000)
committer Stefan Reinauer <stepan@openbios.org>
Fri, 31 Jul 2009 11:39:55 +0000 (11:39 +0000)
diff --git a/payloads/libpayload/drivers/usb/uhci.c b/payloads/libpayload/drivers/usb/uhci.c

index 198b6c0846428ac02cd3f276c0a4745345247baa..def6b45084a9b088378ee5921705fd06d67f0a1f 100644 (file)
--- a/payloads/libpayload/drivers/usb/uhci.c
+++ b/payloads/libpayload/drivers/usb/uhci.c
@@ -130,7 +130,13 @@ uhci_init (pcidev_t addr)
         int i;
         hci_t *controller = new_controller ();
  
+       if (!controller)
+               usb_fatal("Could not create USB controller instance.\n");
+
         controller->instance = malloc (sizeof (uhci_t));
+       if(!controller->instance)
+               usb_fatal("Not enough memory creating USB controller instance.\n");
+
         controller->start = uhci_start;
         controller->stop = uhci_stop;
         controller->reset = uhci_reset;
@@ -157,6 +163,9 @@ uhci_init (pcidev_t addr)
         pci_write_config32 (controller->bus_address, 0xc0, 0x8f00);
  
         UHCI_INST (controller)->framelistptr = memalign (0x1000, 1024 * sizeof (flistp_t *));   /* 4kb aligned to 4kb */
+       if (! UHCI_INST (controller)->framelistptr)
+               usb_fatal("Not enough memory for USB frame list pointer.\n");
+
         memset (UHCI_INST (controller)->framelistptr, 0,
                 1024 * sizeof (flistp_t));
  
@@ -168,6 +177,8 @@ uhci_init (pcidev_t addr)
                   for some reason. Not a problem now.
            */
         td_t *antiberserk = memalign(16, sizeof(td_t));
+       if (!antiberserk)
+               usb_fatal("Not enough memory for chipset workaround.\n");
         memset(antiberserk, 0, sizeof(td_t));
  
         UHCI_INST (controller)->qh_prei = memalign (16, sizeof (qh_t));
@@ -175,6 +186,12 @@ uhci_init (pcidev_t addr)
         UHCI_INST (controller)->qh_data = memalign (16, sizeof (qh_t));
         UHCI_INST (controller)->qh_last = memalign (16, sizeof (qh_t));
  
+       if (! UHCI_INST (controller)->qh_prei ||
+           ! UHCI_INST (controller)->qh_intr ||
+           ! UHCI_INST (controller)->qh_data ||
+           ! UHCI_INST (controller)->qh_last)
+               usb_fatal ("Not enough memory for USB controller queues.\n");
+
         UHCI_INST (controller)->qh_prei->headlinkptr.ptr =
                 virt_to_phys (UHCI_INST (controller)->qh_intr);
         UHCI_INST (controller)->qh_prei->headlinkptr.queue_head = 1;
@@ -508,11 +525,16 @@ uhci_create_intr_queue (endpoint_t *ep, int reqsize, int reqcount, int reqtiming
         td_t *tds = memalign(16, sizeof(td_t) * reqcount);
         qh_t *qh = memalign(16, sizeof(qh_t));
  
+       if (!data || !tds || !qh)
+               usb_fatal ("Not enough memory to create USB intr queue prerequisites.\n");
+
         qh->elementlinkptr.ptr = virt_to_phys(tds);
         qh->elementlinkptr.queue_head = 0;
         qh->elementlinkptr.terminate = 0;
  
         intr_q *q = malloc(sizeof(intr_q));
+       if (!q)
+               usb_fatal ("Not enough memory to create USB intr queue.\n");
         q->qh = qh;
         q->tds = tds;
         q->data = data;
diff --git a/payloads/libpayload/drivers/usb/uhci_rh.c b/payloads/libpayload/drivers/usb/uhci_rh.c

index cc3c60028949f63f24ccf943846f10f62779276c..2f4c7d839c60ab86f1f26f66f914a9cf79467890 100644 (file)
--- a/payloads/libpayload/drivers/usb/uhci_rh.c
+++ b/payloads/libpayload/drivers/usb/uhci_rh.c
@@ -157,6 +157,9 @@ uhci_rh_init (usbdev_t *dev)
         uhci_rh_enable_port (dev, 1);
         uhci_rh_enable_port (dev, 2);
         dev->data = malloc (sizeof (rh_inst_t));
+       if (!dev->data)
+               usb_fatal ("Not enough memory for UHCI RH.\n");
+
         RH_INST (dev)->port[0] = -1;
         RH_INST (dev)->port[1] = -1;
  
diff --git a/payloads/libpayload/drivers/usb/usb.c b/payloads/libpayload/drivers/usb/usb.c

index d536d31d86770f7a263bc8a9de4f15d32fb5d897..25e80065d7041c67a70fe060dd727035d8d2b8b6 100644 (file)
--- a/payloads/libpayload/drivers/usb/usb.c
+++ b/payloads/libpayload/drivers/usb/usb.c
@@ -33,14 +33,16 @@
  hci_t *usb_hcs = 0;
  
  hci_t *
-new_controller ()
+new_controller (void)
  {
         hci_t *controller = malloc (sizeof (hci_t));
  
-       /* atomic */
-       controller->next = usb_hcs;
-       usb_hcs = controller;
-       /* atomic end */
+       if (controller) {
+               /* atomic */
+               controller->next = usb_hcs;
+               usb_hcs = controller;
+               /* atomic end */
+       }
  
         return controller;
  }
@@ -48,13 +50,13 @@ new_controller ()
  void
  detach_controller (hci_t *controller)
  {
-       if (controller == 0)
+       if (controller == NULL)
                 return;
         if (usb_hcs == controller) {
                 usb_hcs = controller->next;
         } else {
                 hci_t *it = usb_hcs;
-               while (it != 0) {
+               while (it != NULL) {
                         if (it->next == controller) {
                                 it->next = controller->next;
                                 return;
@@ -386,3 +388,10 @@ usb_attach_device(hci_t *controller, int hubaddress, int port, int lowspeed)
         newdev_t->init (newdev_t);
         return newdev;
  }
+
+void
+usb_fatal (const char *message)
+{
+       printf(message);
+       for (;;) ;
+}
diff --git a/payloads/libpayload/drivers/usb/usbhid.c b/payloads/libpayload/drivers/usb/usbhid.c

index 44be9ce8d95f184f651bbdc99c86bc889349df4f..ee217c36d83ac9a9f1f8b292c1ce96c7faff7ee8 100644 (file)
--- a/payloads/libpayload/drivers/usb/usbhid.c
+++ b/payloads/libpayload/drivers/usb/usbhid.c
@@ -169,6 +169,8 @@ usb_hid_init (usbdev_t *dev)
                         boot_protos[interface->bInterfaceProtocol]);
                 if (interface->bInterfaceProtocol == hid_boot_proto_keyboard) {
                         dev->data = malloc (sizeof (usbhid_inst_t));
+                       if (!dev->data)
+                               usb_fatal("Not enough memory for USB HID device.\n");
                         printf ("  configuring...\n");
                         usb_hid_set_protocol(dev, interface, hid_proto_boot);
                         usb_hid_set_idle(dev, interface, 0);
diff --git a/payloads/libpayload/drivers/usb/usbhub.c b/payloads/libpayload/drivers/usb/usbhub.c

index 4625246e2247b75cafb4d31f546c09009a5d841c..0a5d0ebcb53d66830bfeb3bc20df27886705e75d 100644 (file)
--- a/payloads/libpayload/drivers/usb/usbhub.c
+++ b/payloads/libpayload/drivers/usb/usbhub.c
@@ -128,6 +128,9 @@ usb_hub_init (usbdev_t *dev)
  
         dev->data = malloc (sizeof (usbhub_inst_t));
  
+       if (!dev->data)
+               usb_fatal("Not enough memory for USB hub.\n");
+
         HUB_INST (dev)->descriptor =
                 (hub_descriptor_t *) get_descriptor (dev,
                                                      gen_bmRequestType
@@ -137,6 +140,9 @@ usb_hub_init (usbdev_t *dev)
         HUB_INST (dev)->num_ports = HUB_INST (dev)->descriptor->bNbrPorts;
         HUB_INST (dev)->ports =
                 malloc (sizeof (int) * (HUB_INST (dev)->num_ports + 1));
+       if (! HUB_INST (dev)->ports)
+               usb_fatal("Not enough memory for USB hub ports.\n");
+
         for (i = 1; i <= HUB_INST (dev)->num_ports; i++)
                 HUB_INST (dev)->ports[i] = -1;
         for (i = 1; i <= HUB_INST (dev)->num_ports; i++)
diff --git a/payloads/libpayload/drivers/usb/usbmsc.c b/payloads/libpayload/drivers/usb/usbmsc.c

index ad4a10c1469b33d8d09083fa510056e9bd65158e..f24bd6d85772e19c7d7ca58eefe3c68e4dad4561 100644 (file)
--- a/payloads/libpayload/drivers/usb/usbmsc.c
+++ b/payloads/libpayload/drivers/usb/usbmsc.c
@@ -346,6 +346,9 @@ usb_msc_init (usbdev_t *dev)
         }
  
         dev->data = malloc (sizeof (usbmsc_inst_t));
+       if (!dev->data)
+               usb_fatal("Not enough memory for USB MSC device.\n");
+
         MSC_INST (dev)->bulk_in = 0;
         MSC_INST (dev)->bulk_out = 0;
  
diff --git a/payloads/libpayload/include/usb/usb.h b/payloads/libpayload/include/usb/usb.h

index d06e8077dbf203d299d614b0adedfe58dedce26b..9f38b845dd6c955de0cb04f6cba36441f481062e 100644 (file)
--- a/payloads/libpayload/include/usb/usb.h
+++ b/payloads/libpayload/include/usb/usb.h
@@ -226,4 +226,6 @@ gen_bmRequestType (dev_req_dir dir, dev_req_type type, dev_req_recp recp)
  
  void usb_detach_device(hci_t *controller, int devno);
  int usb_attach_device(hci_t *controller, int hubaddress, int port, int lowspeed);
+
+void usb_fatal(const char *message) __attribute__ ((noreturn));
  #endif
diff --git a/payloads/libpayload/libc/lar.c b/payloads/libpayload/libc/lar.c

index 225b19001a1532e522f59951f544f5d5a217dac8..9ee09e2ec624c44b458f47686e6486102389821f 100644 (file)
--- a/payloads/libpayload/libc/lar.c
+++ b/payloads/libpayload/libc/lar.c
@@ -113,6 +113,10 @@ struct LAR *openlar(void *addr)
          * tear on the heap */
  
         lar->headers = malloc(16 * sizeof(void *));
+
+       if (!lar->headers)
+               return NULL;
+
         lar->alloc = 16;
         lar->count = lar->eof = 0;
         lar->cindex = 0;
diff --git a/payloads/libpayload/libc/malloc.c b/payloads/libpayload/libc/malloc.c

index d18b289adf9ea1a416a4211b456dee632e92b8cf..4cb71f6ff43c011c58c48e86e36cccfc97037433 100644 (file)
--- a/payloads/libpayload/libc/malloc.c
+++ b/payloads/libpayload/libc/malloc.c
@@ -309,6 +309,8 @@ void *memalign(size_t align, size_t size)
         if (size == 0) return 0;
         if (align_regions == 0) {
                 align_regions = malloc(sizeof(struct align_region_t));
+               if (align_regions == NULL)
+                       return NULL;
                 memset(align_regions, 0, sizeof(struct align_region_t));
         }
         struct align_region_t *reg = align_regions;
diff --git a/payloads/libpayload/libc/readline.c b/payloads/libpayload/libc/readline.c

index 01a565a6982526cc7b97d81b8c0ae49d5a49e113..9387e09149e32c095436475adb1b2caa4caa40d4 100644 (file)
--- a/payloads/libpayload/libc/readline.c
+++ b/payloads/libpayload/libc/readline.c
@@ -55,6 +55,8 @@ char *readline(const char *prompt)
         if (!readline_buffer || !readline_bufferlen) {
  #define READLINE_BUFFERSIZE    256
                 readline_buffer = malloc(READLINE_BUFFERSIZE);
+               if (!readline_buffer)
+                       return NULL;
                 readline_bufferlen = READLINE_BUFFERSIZE;
                 memset(readline_buffer, 0, readline_bufferlen);
         }
author	Stefan Reinauer <stepan@coresystems.de>
	Fri, 31 Jul 2009 11:39:55 +0000 (11:39 +0000)
committer	Stefan Reinauer <stepan@openbios.org>
	Fri, 31 Jul 2009 11:39:55 +0000 (11:39 +0000)
payloads/libpayload/drivers/usb/uhci.c		patch \| blob \| history
payloads/libpayload/drivers/usb/uhci_rh.c		patch \| blob \| history
payloads/libpayload/drivers/usb/usb.c		patch \| blob \| history
payloads/libpayload/drivers/usb/usbhid.c		patch \| blob \| history
payloads/libpayload/drivers/usb/usbhub.c		patch \| blob \| history
payloads/libpayload/drivers/usb/usbmsc.c		patch \| blob \| history
payloads/libpayload/include/usb/usb.h		patch \| blob \| history
payloads/libpayload/libc/lar.c		patch \| blob \| history
payloads/libpayload/libc/malloc.c		patch \| blob \| history
payloads/libpayload/libc/readline.c		patch \| blob \| history